project = "onap"
-release = "master"
-version = "master"
+release = "kohn"
+version = "kohn"
author = "Open Network Automation Platform"
# yamllint disable-line rule:line-length
# Change to {releasename} after you have created the new 'doc' branch.
#
-branch = 'latest'
+branch = 'kohn'
intersphinx_mapping = {}
doc_url = 'https://docs.onap.org/projects'
linkcheck_ignore = [
+ "https://istio-release.storage.googleapis.com/charts",
r'http://localhost:\d+/'
-]
\ No newline at end of file
+]
project: onap
# Change this to ReleaseBranchName to modify the header
-default-version: latest
+default-version: kohn
#
.. http://creativecommons.org/licenses/by/4.0
.. Copyright (C) 2022 Nordix Foundation
+.. Links
+.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+.. _Kubernetes NodePort: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+
.. _oom_access_info_guide:
OOM Access Info
----------------
+###############
.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
:align: right
+Access via NodePort/Loadbalancer
+********************************
+
+The ONAP deployment created by OOM operates in a private IP network that isn't
+publicly accessible (i.e. OpenStack VMs with private internal network) which
+blocks access to the ONAP User Interfaces.
+To enable direct access to a service from a user's own environment (a laptop etc.)
+the application's internal port is exposed through a `Kubernetes NodePort`_ or
+`Kubernetes LoadBalancer`_ object.
+
+Typically, to be able to access the Kubernetes nodes publicly a public address
+is assigned. In OpenStack this is a floating IP address.
+
+Most ONAP applications use the `NodePort` as predefined `service:type`,
+which opens allows access to the service through the the IP address of each
+Kubernetes node.
+When using the `Loadbalancer` as `service:type` `Kubernetes LoadBalancer`_ object
+which gets a separate IP address.
+
+.. note::
+ The following example uses the `ONAP Portal`, which is not actively maintained
+ in Kohn and will be replaced in the future
+
+When e.g. the `portal-app` chart is deployed a Kubernetes service is created that
+instantiates a load balancer. The LB chooses the private interface of one of
+the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
+Then to be able to access the portal on port 8989 from outside the K8s &
+OpenStack environment, the user needs to assign/get the floating IP address that
+corresponds to the private IP as follows::
+
+ > kubectl -n onap get services|grep "portal-app"
+ portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev
+
+
+In this example, use the 11.0.0.4 private address as a key find the
+corresponding public address which in this example is 10.12.6.155. If you're
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
+for your tenant (openstack server list). That IP is then used in your
+`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
+below::
+
+ 10.12.6.155 portal.api.simpledemo.onap.org
+ 10.12.6.155 vid.api.simpledemo.onap.org
+ 10.12.6.155 sdc.api.fe.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+ 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
+ 10.12.6.155 portal-sdk.simpledemo.onap.org
+ 10.12.6.155 policy.api.simpledemo.onap.org
+ 10.12.6.155 aai.api.sparky.simpledemo.onap.org
+ 10.12.6.155 cli.api.simpledemo.onap.org
+ 10.12.6.155 msb.api.discovery.simpledemo.onap.org
+ 10.12.6.155 msb.api.simpledemo.onap.org
+ 10.12.6.155 clamp.api.simpledemo.onap.org
+ 10.12.6.155 so.api.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+
+Ensure you've disabled any proxy settings the browser you are using to access
+the portal and then simply access now the new ssl-encrypted URL:
+``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
+
+.. note::
+ Using the HTTPS based Portal URL the Browser needs to be configured to accept
+ unsecure credentials.
+ Additionally when opening an Application inside the Portal, the Browser
+ might block the content, which requires to disable the blocking and reloading
+ of the page
+
+.. note::
+ Besides the ONAP Portal the Components can deliver additional user interfaces,
+ please check the Component specific documentation.
+
+.. note::
+
+ | Alternatives Considered:
+
+ - Kubernetes port forwarding was considered but discarded as it would
+ require the end user to run a script that opens up port forwarding tunnels
+ to each of the pods that provides a portal application widget.
+
+ - Reverting to a VNC server similar to what was deployed in the Amsterdam
+ release was also considered but there were many issues with resolution,
+ lack of volume mount, /etc/hosts dynamic update, file upload that were
+ a tall order to solve in time for the Beijing release.
+
+ Observations:
+
+ - If you are not using floating IPs in your Kubernetes deployment and
+ directly attaching a public IP address (i.e. by using your public provider
+ network) to your K8S Node VMs' network interface, then the output of
+ 'kubectl -n onap get services | grep "portal-app"'
+ will show your public IP instead of the private network's IP. Therefore,
+ you can grab this public IP directly (as compared to trying to find the
+ floating IP first) and map this IP in /etc/hosts.
+
Some relevant information regarding accessing OOM from outside the cluster etc
+ONAP Nodeports
+==============
+
+NodePorts are used to allow client applications, that run outside of
+Kubernetes, access to ONAP components deployed by OOM.
+A NodePort maps an externally reachable port to an internal port of an ONAP
+microservice.
+It should be noted that the use of NodePorts is temporary.
+An alternative solution based on Ingress Controller, which initial support is
+already in place. It is planned to become a default deployment option in the
+London release.
+
+More information from official Kubernetes documentation about
+`Kubernetes NodePort`_.
+
+The following table lists all the NodePorts used by ONAP.
+
+.. csv-table:: NodePorts table
+ :file: ../../resources/csv/nodeports.csv
+ :widths: 20,20,20,20,20
+ :header-rows: 1
+
+
+This table retrieves information from the ONAP deployment using the following
+Kubernetes command:
+
+.. code-block:: bash
+
+ kubectl get svc -n onap -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{.}}{{"\n"}}{{end}}{{end}}{{end}}'
+
+
+(Optional) Access via Ingress
+*****************************
+
+Using Ingress as access method requires the installation of an Ingress
+controller and the configuration of the ONAP deployment to use it.
+
+For "ONAP on ServiceMesh" you can find the instructions in:
+
+- :ref:`oom_base_optional_addons`
+- :ref:`oom_customize_overrides`
+
+In the ServiceMesh deployment the Istio IngressGateway is the only access point
+for ONAP component interfaces.
+Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>),
+which is used as central address.
+All APIs/UIs are provided via separate URLs which are routed to the component service.
+To use these URLs they need to be resolvable via DNS or via /etc/hosts.
+
+The domain name is usually defined in the `global` section of the ONAP helm-charts,
+`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of
+the service (e.g. "sdc-fe-ui") is defined in the component's chart.
+
+.. code-block:: none
-.. toctree::
- :maxdepth: 1
+ <ingress-IP> kiali.simpledemo.onap.org
+ <ingress-IP> cds-ui.simpledemo.onap.org
+ <ingress-IP> sdc-fe-ui.simpledemo.onap.org
+ ...
- oom_ingress_access.rst
+To access e.g. the SDC UI now the new ssl-encrypted URL:
+``https://sdc-fe-ui.simpledemo.onap.org/sdc1``
+++ /dev/null
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright (C) 2022 Nordix Foundation
-
-.. Links
-
-
-.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
- :align: right
-
-.. _oom_ingress_access:
-
-
-Ingress access to OOM
-#####################
-
-TBD
Enabling/Disabling Components
------------------------------
+*****************************
Here is an example of the nominal entries that need to be provided.
Different values files are available for different contexts.
|
-Some other heading
-------------------
-adva
\ No newline at end of file
+(Optional) "ONAP on Service Mesh"
+*********************************
+
+To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
+configuration entries need to be configured before deployment.
+
+Global settings relevant for ServiceMesh:
+
+.. code-block:: yaml
+
+ global:
+ ingress:
+ # generally enable ingress for ONAP components
+ enabled: false
+ # enable all component's Ingress interfaces
+ enable_all: false
+ # default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+ # All http requests via ingress will be redirected on Ingress controller
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ # tls:
+ # secret: 'my-ingress-cert'
+ # optional: Namespace of the Istio IngressGateway
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ namespace: istio-ingress
+ ...
+ serviceMesh:
+ enabled: true
+ tls: true
+ # be aware that linkerd is not well tested
+ engine: "istio" # valid value: istio or linkerd
+ aafEnabled: false
+ cmpv2Enabled: false
+ tlsEnabled: false
+ msbEnabled: false
+
+ServiceMesh settings:
+
+- enabled: true → enables ServiceMesh functionality in the ONAP Namespace (Istio: enables Sidecar deployment)
+- tls: true → enables mTLS encryption in Sidecar communication
+- engine: istio → sets the SM engine (currently only Istio is supported)
+- aafEnabled: false → disables AAF usage for TLS interfaces
+- tlsEnabled: false → disables creation of TLS in component services
+- cmpv2Enabled: false → disable cmpv2 feature
+- msbEnabled: false → MSB is not used in Istio setup (Open, if all components are MSB independend)
+
+Ingress settings:
+
+- enabled: true → enables Ingress using: Nginx (when SM disabled), Istio IngressGateway (when SM enabled)
+- enable_all: true → enables Ingress configuration in each component
+- virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
+ resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
+- config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
+- namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
+
+.. note::
+ For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
+ can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
.. Links
.. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#readme
+.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
+.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/
+.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
+.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
.. _oom_base_optional_addons:
- To install prometheus, execute the following, replacing the <recommended-pm-version> with the version defined in the :ref:`versions_table` table::
> helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus --create-namespace --version=<recommended-pm-version>
+
+ONAP on Service Mesh
+********************
+
+.. warning::
+ "ONAP on Service Mesh" is not fully supported in "Kohn". Full support is
+ planned for London release to support the
+ `ONAP Next Generation Security & Logging Structure`_
+
+.. figure:: ../../resources/images/servicemesh/ServiceMesh.png
+ :align: center
+
+ONAP is currenty planned to support Istio as default ServiceMesh platform.
+Therefor the following instructions describe the setup of Istio and required tools.
+Used `Istio best practices`_ and `Istio setup guide`_
+
+Istio Platform Installation
+===========================
+
+Install Istio Basic Platform
+----------------------------
+
+- Configure the Helm repository::
+
+ > helm repo add istio https://istio-release.storage.googleapis.com/charts
+
+ > helm repo update
+
+- Create a namespace for "mesh-level" configurations::
+
+ > kubectl create namespace istio-config
+
+- Create a namespace istio-system for Istio components::
+
+ > kubectl create namespace istio-system
+
+- Install the Istio Base chart which contains cluster-wide resources used by the
+ Istio control plane, replacing the <recommended-istio-version> with the version
+ defined in the :ref:`versions_table` table::
+
+ > helm upgrade -i istio-base istio/base -n istio-system --version <recommended-istio-version>
+
+- Install the Istio Base Istio Discovery chart which deploys the istiod service, replacing the
+ <recommended-istio-version> with the version defined in the :ref:`versions_table` table
+ (enable the variable to enforce the (sidecar) proxy startup before the container start)::
+
+ > helm upgrade -i istiod istio/istiod -n istio-system --version <recommended-istio-version>
+ --wait --set global.proxy.holdApplicationUntilProxyStarts=true --set meshConfig.rootNamespace=istio-config
+
+Add an EnvoyFilter for HTTP header case
+---------------------------------------
+
+When handling HTTP/1.1, Envoy will normalize the header keys to be all lowercase.
+While this is compliant with the HTTP/1.1 spec, in practice this can result in issues
+when migrating existing systems that might rely on specific header casing.
+In our case a problem was detected in the SDC client implementation, which relies on
+uppercase header values. To solve this problem in general we add a EnvoyFilter to keep
+the uppercase header in the istio-config namespace to apply for all namespaces, but
+set the context to SIDECAR_INBOUND to avoid problems in the connection between Istio-Gateway and Services
+
+- Create a EnvoyFilter file (e.g. envoyfilter-case.yaml)
+
+ .. collapse:: envoyfilter-case.yaml
+
+ .. include:: ../../resources/yaml/envoyfilter-case.yaml
+ :code: yaml
+
+- Apply the change to Istio::
+
+ > kubectl apply -f envoyfilter-case.yaml
+
+Install Istio Gateway
+---------------------
+
+- Create a namespace istio-ingress for the Istio Ingress gateway
+ and enable istio-injection::
+
+ > kubectl create namespace istio-ingress
+
+ > kubectl label namespace istio-ingress istio-injection=enabled
+
+- Install the Istio Gateway chart,replacing the
+ <recommended-istio-version> with the version defined in
+ the :ref:`versions_table` table::
+
+ > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress
+ --version <recommended-istio-version> --wait
+
+Kiali Installation
+==================
+
+Kiali is used to visualize the Network traffic in a ServiceMesh enabled cluster
+For setup the kiali operator is used, see `Kiali setup guide`_
+
+- Install kiali-operator namespace::
+
+ > kubectl create namespace kiali-operator
+
+ > kubectl label namespace kiali-operator istio-injection=enabled
+
+- Install the kiali-operator::
+
+ > helm repo add kiali https://kiali.org/helm-charts
+
+ > helm repo update kiali
+
+ > helm install --namespace kiali-operator kiali/kiali-operator
+
+- Create Kiali CR file (e.g. kiali.yaml)
+
+ .. collapse:: kiali.yaml
+
+ .. include:: ../../resources/yaml/kiali.yaml
+ :code: yaml
+
+- Install kiali::
+
+ > kubectl apply -f kiali.yaml
+
+- Create Ingress gateway entry for the kiali web interface
+ using the configured Ingress <base-url> (here "simpledemo.onap.org")
+ as described in :ref:`oom_customize_overrides`
+
+ .. collapse:: kiali-ingress.yaml
+
+ .. include:: ../../resources/yaml/kiali-ingress.yaml
+ :code: yaml
+
+- Add the Ingress entry for Kiali::
+
+ > kubectl -n istio-system apply -f kiali-ingress.yaml
+
+
+Jaeger Installation
+===================
+
+To be done...
\ No newline at end of file
.. _versions_table:
-.. table:: OOM Software Requirements
-
- ============== =========== ======= ======== ======== ============ ================= =======
- Release Kubernetes Helm kubectl Docker Cert-Manager Prometheus Stack Strimzi
- ============== =========== ======= ======== ======== ============ ================= =======
- Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.8.0 35.x 0.28.0
- Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 35.x 0.31.1
- ============== =========== ======= ======== ======== ============ ================= =======
+.. table:: OOM Software Requirements (base)
+
+ ============== =========== ======= ======== ======== ============ =======
+ Release Kubernetes Helm kubectl Docker Cert-Manager Strimzi
+ ============== =========== ======= ======== ======== ============ =======
+ Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.8.0 0.28.0
+ Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 0.32.0
+ ============== =========== ======= ======== ======== ============ =======
+
+.. table:: OOM Software Requirements (optional)
+
+ ============== ================= ======
+ Release Prometheus Stack Istio
+ ============== ================= ======
+ Jakarta 35.x ---
+ Kohn 35.x 1.15.1
+ ============== ================= ======
.. toctree::
<...>
-Accessing the ONAP Portal using OOM and a Kubernetes Cluster
-------------------------------------------------------------
-
-The ONAP deployment created by OOM operates in a private IP network that isn't
-publicly accessible (i.e. OpenStack VMs with private internal network) which
-blocks access to the ONAP Portal. To enable direct access to this Portal from a
-user's own environment (a laptop etc.) the portal application's port 8989 is
-exposed through a `Kubernetes LoadBalancer`_ object.
-
-Typically, to be able to access the Kubernetes nodes publicly a public address
-is assigned. In OpenStack this is a floating IP address.
-
-When the `portal-app` chart is deployed a Kubernetes service is created that
-instantiates a load balancer. The LB chooses the private interface of one of
-the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
-Then to be able to access the portal on port 8989 from outside the K8s &
-OpenStack environment, the user needs to assign/get the floating IP address that
-corresponds to the private IP as follows::
-
- > kubectl -n onap get services|grep "portal-app"
- portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev
-
-
-In this example, use the 11.0.0.4 private address as a key find the
-corresponding public address which in this example is 10.12.6.155. If you're
-using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
-for your tenant (openstack server list). That IP is then used in your
-`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
-below::
-
- 10.12.6.155 portal.api.simpledemo.onap.org
- 10.12.6.155 vid.api.simpledemo.onap.org
- 10.12.6.155 sdc.api.fe.simpledemo.onap.org
- 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
- 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
- 10.12.6.155 portal-sdk.simpledemo.onap.org
- 10.12.6.155 policy.api.simpledemo.onap.org
- 10.12.6.155 aai.api.sparky.simpledemo.onap.org
- 10.12.6.155 cli.api.simpledemo.onap.org
- 10.12.6.155 msb.api.discovery.simpledemo.onap.org
- 10.12.6.155 msb.api.simpledemo.onap.org
- 10.12.6.155 clamp.api.simpledemo.onap.org
- 10.12.6.155 so.api.simpledemo.onap.org
- 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
-
-Ensure you've disabled any proxy settings the browser you are using to access
-the portal and then simply access now the new ssl-encrypted URL:
-``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
-
-.. note::
- Using the HTTPS based Portal URL the Browser needs to be configured to accept
- unsecure credentials.
- Additionally when opening an Application inside the Portal, the Browser
- might block the content, which requires to disable the blocking and reloading
- of the page
-
-.. note::
- Besides the ONAP Portal the Components can deliver additional user interfaces,
- please check the Component specific documentation.
-
-.. note::
-
- | Alternatives Considered:
-
- - Kubernetes port forwarding was considered but discarded as it would
- require the end user to run a script that opens up port forwarding tunnels
- to each of the pods that provides a portal application widget.
-
- - Reverting to a VNC server similar to what was deployed in the Amsterdam
- release was also considered but there were many issues with resolution,
- lack of volume mount, /etc/hosts dynamic update, file upload that were
- a tall order to solve in time for the Beijing release.
-
- Observations:
-
- - If you are not using floating IPs in your Kubernetes deployment and
- directly attaching a public IP address (i.e. by using your public provider
- network) to your K8S Node VMs' network interface, then the output of
- 'kubectl -n onap get services | grep "portal-app"'
- will show your public IP instead of the private network's IP. Therefore,
- you can grab this public IP directly (as compared to trying to find the
- floating IP first) and map this IP in /etc/hosts.
.. figure:: ../../resources/images/oom_logo/oomLogoV2-Monitor.png
:align: right
--- /dev/null
+NodePort,Component,Service name,targetPort,Port
+30200,VID,vid,8443,8443
+30201,SDNC,sdnc-portal,8443,8443
+30203,SDNC,sdnc-dgbuilder,3100,3000
+30204,SDC,sdc-be-external,8443,8443
+30207,SDC,sdc-fe,9443,9443
+30209,ROBOT,robot,443,443
+30210,AAI,aai-modelloader,8080,8080
+30211,APPC,appc,9191,9090
+30212,PORTAL,portal-sdk,8443,8443
+30218,POLICY,pap,9091,9091
+30219,POLICY,pap,8443,8443
+30220,AAI,aai-sparky-be,8000,8000
+30222,DCAE,xdcae-hv-ves-collector,6061,6061
+30225,PORTAL,portal-app,8443,8443
+30226,DMAAP,message-router-external,3905,3905
+30228,APPC,appc-dgbuilder,3100,3000
+30229,AAI,aai-modelloader,8443,8443
+30230,APPC,appc,8443,8443
+30231,APPC,appc,1830,1830
+30233,AAI,aai,8443,8443
+30234,POMBA*),pomba-kibana,5601,5601
+30242,DMAAP,dmaap-bc,8443,8443
+30248,OOF,oof-osdf,8699,8698
+30249,POMBA*),pomba-data-router,9502,9502
+30251,AAF,aaf-gui,8200,8200
+30253,LOG*),log-kibana,5601,5601
+30254,LOG*),log-es,9200,9200
+30255,LOG*),log-ls,5044,5044
+30256,SDC,sdc-wfd-fe,8443,8443
+30257,SDC,sdc-wfd-be,8443,8443
+30258,CLAMP,clamp-external,2443,2443
+30260,CLI,cli,443,443
+30264,DCAE,sdc-dcae-fe,9444,9444
+30266,DCAE,sdc-dcae-dt,9446,9446
+30267,SDNC,sdnc,8443,8443
+30269,DMAAP,dmaapr-prov,443,8443
+30271,CLI,cli,9090,9090
+30274,EXTAPI,nbi,8443,8443
+30275,OOF,oof-has-api,8091,8091
+30277,SO,so,8080,8080
+30279,AAI,aai-babel,9516,9516
+30283,MSB,msb-iag,443,443
+30284,MSB,msb-eag,443,443
+30288,SNIRO*),sniro-emulator,9999,80
+30289,APPC,appc-cdt,18080,18080
+30290,CLAMP,cdash-kibana,5601,5601
+30297,VNFSDK,refrepo,8703,8703
+30299,POMBA*),pomba-networkdiscovery,8443,9531
+30398,UUI,uui,8443,8443
+30399,UUI,uui-server,8082,8082
+30406,SO,so-vnfm-adapter,9092,9092
+30407,MUSIC,music,8443,8443
+30417,DCAE,xdcae-ves-collector,8443,8443
+30418,DCAE,dashboard,8443,8443
+30420,NETBOX,netbox-nginx,8080,8080
+30478,AWX,awx-web,8080,80
+30490,DMAAP,message-router-kafka-0,9091,9091
+30491,DMAAP,message-router-kafka-1,9091,9091
+30492,DMAAP,message-router-kafka-2,9091,9091
+30494,DMAAP,dmaap-dr-node-external,8443,8443
+30497,CDS,cds-ui,3000,3000
\ No newline at end of file
--- /dev/null
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: header-casing
+ namespace: istio-config
+spec:
+ configPatches:
+ - applyTo: CLUSTER
+ match:
+ context: SIDECAR_INBOUND
+ patch:
+ operation: MERGE
+ value:
+ typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ use_downstream_protocol_config:
+ http_protocol_options:
+ header_key_format:
+ stateful_formatter:
+ name: preserve_case
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig
+ - applyTo: NETWORK_FILTER
+ match:
+ listener:
+ filterChain:
+ filter:
+ name: envoy.filters.network.http_connection_manager
+ patch:
+ operation: MERGE
+ value:
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ http_protocol_options:
+ header_key_format:
+ stateful_formatter:
+ name: preserve_case
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig
\ No newline at end of file
--- /dev/null
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: kiali-gateway
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - kiali.simpledemo.onap.org
+ port:
+ name: http
+ number: 80
+ protocol: HTTP
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: kiali-service
+spec:
+ hosts:
+ - kiali.simpledemo.onap.org
+ gateways:
+ - kiali-gateway
+ http:
+ - route:
+ - destination:
+ port:
+ number: 20001
+ host: kiali
\ No newline at end of file
--- /dev/null
+apiVersion: kiali.io/v1alpha1
+kind: Kiali
+metadata:
+ name: kiali
+ namespace: istio-system
+ annotations:
+ ansible.operator-sdk/verbosity: "1"
+spec:
+ auth:
+ strategy: anonymous
+ istio_component_namespaces:
+ prometheus: monitoring
+ external_services:
+ grafana:
+ in_cluster_url: http://prometheus-stack-grafana.monitoring
+ prometheus:
+ url: http://prometheus-stack-kube-prom-prometheus.monitoring:9090
+ tracing:
+ in_cluster_url: http://istio-query.observability:16686
+ deployment:
+ accessible_namespaces: ["**"]
+ view_only_mode: false
+ server:
+ web_root: "/kiali"
\ No newline at end of file
## **Quick Start Guide**
+> **WARNING**: This README is no longer maintained and will be deprecated.
+> Please refer to the official OOM guide here - [OOM Guide](https://docs.onap.org/projects/onap-oom/en/latest/sections/oom_project_description.html)
+
This is a quick start guide describing how to deploy ONAP on Kubernetes using Helm.
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
template:
metadata:
labels:
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
{{ end }}
aperture.service.timeout-in-milliseconds=300000
+
+#To Expose the Prometheus scraping endpoint
+management.port=8448
+endpoints.enabled=false
+management.security.enabled=false
\ No newline at end of file
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
# Specifies which clients should always default to realtime graph connection
realtime:
- clients: SDNC,MSO,SO,robot-ete
+ clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
#################################################################
# Certificate configuration
internalPort: 8449
portName2: tcp-5005
internalPort2: 5005
+ portName3: aai-graphadmin-8448
+ internalPort3: 8448
terminationGracePeriodSeconds: 120
ingress:
memory: 2Gi
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /prometheus
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
+
# Not fully used for now
securityContext:
user_id: *user_id
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
selector:
matchLabels:
app: {{ include "common.name" . }}
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
{{ end }}
#to expose the Prometheus scraping endpoint
+management.port=8448
+management.endpoints.enabled-by-default=false
+management.security.enabled=false
+endpoints.enabled=false
+endpoints.info.enabled=false
+endpoints.prometheus.enabled=false
+endpoints.health.enabled=false
+management.metrics.web.server.auto-time-requests=false
management.metrics.distribution.percentiles-histogram[http.server.requests]=true
-management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
\ No newline at end of file
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
+#Add common tag for grouping all aai related metrics
+management.metrics.tags.group_id=aai
+#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
\ No newline at end of file
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ clusterIP: None
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
internalPort: 8447
portName2: tcp-5005
internalPort2: 5005
+ portName3: aai-resources-8448
+ internalPort3: 8448
terminationGracePeriodSeconds: 120
+ sessionAffinity: None
ingress:
enabled: false
memory: 4Gi
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
#Pods Service Account
serviceAccount:
nameOverride: aai-resources
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
selector:
matchLabels:
app: {{ include "common.name" . }}
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
resources.client-cert-password=${KEYSTORE_PASSWORD}
{{ else }}
-resources.port=8080
+resources.port=80
resources.authType=HTTP_NOAUTH
{{ end }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
selector:
matchLabels:
app: {{ include "common.name" . }}
subPath: logback.xml
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPlainPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ {{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }}
- {{- end }}
+ {{- end }}
+ type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
service:
type: NodePort
portName: http
+ externalPort: 8000
internalPort: 8000
+ internalPlainPort: 9517
nodePort: 20
ingress:
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
{{ end }}
+
+#to expose the Prometheus scraping endpoint
+management.port=8448
+management.endpoints.enabled-by-default=false
+management.security.enabled=false
+endpoints.enabled=false
+endpoints.info.enabled=false
+endpoints.prometheus.enabled=false
+endpoints.health.enabled=false
+management.metrics.web.server.auto-time-requests=false
+management.metrics.distribution.percentiles-histogram[http.server.requests]=true
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
+#Add common tag for grouping all aai related metrics
+management.metrics.tags.group_id=aai
+#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
\ No newline at end of file
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ clusterIP: None
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
# default number of instances
replicaCount: 1
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
+ portName3: aai-traversal-8448
+ internalPort3: 8448
terminationGracePeriodSeconds: 120
+ sessionAffinity: None
ingress:
enabled: false
memory: 4Gi
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
#Pods Service Account
serviceAccount:
nameOverride: aai-traversal
log /dev/log local0
stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
stats timeout 30s
- user root
- group root
+ # it is required else pod will not come up
+ maxconn 50000
+ user haproxy
+ group haproxy
daemon
#################################
# Default SSL material locations#
mode http
option httplog
option ssl-hello-chk
- option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ option httpchk
+ http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
default-server init-addr none
# option dontlognull
# errorfile 400 /etc/haproxy/errors/400.http
timeout server 480000
timeout http-keep-alive 30000
+frontend stats
+ bind *:8448
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
frontend IST_8443
mode http
capture response header Host len 100
option log-separate-errors
option forwardfor
+
+ http-request set-header X-Forwarded-Proto https
+ http-request add-header X-Forwarded-Port 8443
+
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
http-request set-header X-AAI-SSL %[ssl_fc]
{{- end }}
{{- end }}
- reqadd X-Forwarded-Proto:\ https
- reqadd X-Forwarded-Port:\ 8443
-
#######################
#ACLS FOR PORT 8446####
#######################
acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
acl is_named-query path_beg -i /aai/search/named-query
acl is_search-model path_beg -i /aai/search/model
- use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
default_backend IST_Default_8447
backend IST_Default_8447
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
- server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
#######################
backend IST_AAI_8446
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
- server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
listen IST_AAI_STATS
mode http
log /dev/log local0
stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
stats timeout 30s
+ # it is required else pod will not come up
+ maxconn 50000
+ user haproxy
+ group haproxy
daemon
#################################
# Default SSL material locations#
{{- if ( include "common.needTLS" .) }}
option ssl-hello-chk
{{- end }}
- option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+ option httpchk
+ http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
default-server init-addr none
# option dontlognull
# errorfile 400 /etc/haproxy/errors/400.http
timeout server 480000
timeout http-keep-alive 30000
+frontend stats
+ bind *:8448
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
frontend IST_8080
mode http
option log-separate-errors
option forwardfor
http-request set-header X-Forwarded-Proto http
- reqadd X-Forwarded-Proto:\ http
- reqadd X-Forwarded-Port:\ 8080
+ http-request set-header X-Forwarded-Proto http
+ http-request add-header X-Forwarded-Port 8080
#######################
#ACLS FOR PORT 8446####
capture response header Host len 100
option log-separate-errors
option forwardfor
+
+ http-request set-header X-Forwarded-Proto https
+ http-request add-header X-Forwarded-Port 8443
+
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
http-request set-header X-AAI-SSL %[ssl_fc]
{{- end }}
{{- end }}
- reqadd X-Forwarded-Proto:\ https
- reqadd X-Forwarded-Port:\ 8443
{{- end }}
#######################
backend IST_Default_8447
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
{{- if ( include "common.needTLS" .) }}
- server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
{{- else }}
- server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
{{- end }}
#######################
backend IST_AAI_8446
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
{{- if ( include "common.needTLS" .) }}
- server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
{{- else }}
- server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
{{- end }}
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
template:
metadata:
labels:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ requests:
+ memory: {{ .Values.haproxy.initContainers.resources.memory }}
+ cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
+ limits:
+ memory: {{ .Values.haproxy.initContainers.resources.memory }}
+ cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPlainPort }}
+ - containerPort: {{ .Values.metricsService.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
+ clusterIP: {{ .Values.service.aaiServiceClusterIp }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
---
apiVersion: v1
kind: Service
type: ClusterIP
selector:
app: {{ include "common.name" . }}
-
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-metrics
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-metrics
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - port: {{ .Values.metricsService.externalPort }}
+ targetPort: {{ .Values.metricsService.internalPort }}
+ name: {{ .Values.metricsService.portName }}
+ type: {{ .Values.metricsService.type }}
+ selector:
+ app: {{ include "common.name" . }}
+ clusterIP: None
\ No newline at end of file
--- /dev/null
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
# application image
dockerhubRepository: registry.hub.docker.com
-image: aaionap/haproxy:1.4.2
+image: onap/aai-haproxy:1.9.5
pullPolicy: Always
flavor: small
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns
haproxy:
+ initContainers:
+ resources:
+ memory: 100Mi
+ cpu: 50m
requestBlocking:
enabled: false
customConfigs: []
+ replicas:
+ aaiResources: 1
+ aaiTraversal: 1
# probe configuration parameters
liveness:
externalPlainPort: 80
internalPlainPort: 8080
nodeport: 33
+ aaiServiceClusterIp:
+ sessionAffinity: None
+
+metricsService:
+ type: ClusterIP
+ portName: prometheus
+ externalPort: 8448
+ internalPort: 8448
+
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /metrics
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}-metrics'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
ingress:
enabled: false
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
# CMPv2 certificate
# It is used only when:
readinessCheck:
wait_for:
containers:
+ - aaf-cm
- dmaap-bc
- dmaap-provisioning-job
- message-router
- name: common
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
secrets:
- uid: hv-ves-kafka-secret
create: true
# dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
# probe configuration
readiness:
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
- security.sslDisable: true
+ security.sslDisable: false
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
+ dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
type: message_router
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
# CMPv2 certificate
# It is used only when:
# dependencies
readinessCheck:
wait_for:
+ - aaf-cm
- message-router
# probe configuration
- name: common
version: ~12.x-0
repository: '@local'
- - name: dmaap-strimzi
- version: ~12.x-0
- repository: 'file://components/dmaap-strimzi'
- condition: dmaap-strimzi.enabled
- name: message-router
version: ~12.x-0
repository: 'file://components/message-router'
## Items below are passed through to Kafka's producer and consumer
## configurations (after removing "kafka.")
## if you want to change request.required.acks it can take this one value
-kafka.metadata.broker.list={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
-config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
#kafka.request.required.acks=-1
+kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
consumer.timeout.ms=100
zookeeper.connection.timeout.ms=6000
zookeeper.session.timeout.ms=20000
- name: JAASLOGIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
- name: SASLMECH
- value: {{ .Values.global.saslMechanism }}
+ value: scram-sha-512
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- name: useZkTopicStore
#################################################################
global:
nodePortPrefix: 302
- kafkaBootstrap: strimzi-kafka-bootstrap
- saslMechanism: scram-sha-512
- kafkaInternalPort: 9092
zkTunnelService:
type: ClusterIP
name: zk-tunnel-svc
portName: tcp-zk-tunnel
internalPort: 2181
+zookeeper:
+ entrance:
+ image: scholzj/zoo-entrance:latest
+
#################################################################
# AAF part
#################################################################
image: onap/dmaap/dmaap-mr:1.4.3
pullPolicy: Always
-zookeeper:
- entrance:
- image: scholzj/zoo-entrance:latest
-
secrets:
- uid: mr-kafka-admin-secret
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
aafEnabled: true
#Strimzi config
- kafkaBootstrap: strimzi-kafka-bootstrap
kafkaStrimziAdminUser: strimzi-kafka-admin
- kafkaInternalPort: 9092
- saslMechanism: scram-sha-512
#Component overrides
message-router:
# This override file is used to deploy a core configuration. It is based on
# minimal-onap.yaml and Orange accomplishments [1][2][3].
# It includes the following components:
-# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra)
+# AAI, DMAAP Message Router, SDC, SDNC, SO (+ Cassandra), STRIMZI Kafka
#
# Minimal resources are also reviewed for the various containers
# AAI: no override => to be fixed
enabled: false
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: false
mariadb-galera:
openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+strimzi:
+ enabled: true
+ replicaCount: 2
+ persistence:
+ kafka:
+ size: 1Gi
+ zookeeper:
+ size: 500Mbi
+ strimzi-kafka-bridge:
+ enabled: false
uui:
enabled: false
vid:
mariadb:
config:
mariadbRootPassword: password
+strimzi:
+ enabled: false
uui:
enabled: false
vfc:
enabled: false
so:
enabled: false
+strimzi:
+ enabled: false
uui:
enabled: false
vfc:
# This override file is used to deploy a minimal configuration to
# onboard and deploy a VNF.
# It includes the following components:
-# A&AI, Cassandra, DMAAP, Portal, Robot, SDC, SDNC, SO, VID
+# A&AI, Cassandra, DMAAP Message Router, Portal, Robot, SDC, SDNC, SO, STRIMZI Kafka, VID
#
# Minimal resources are also reviewed for the various containers
# A&AI: no override => to be fixed
enabled: false
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: false
mariadb-galera:
openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+strimzi:
+ enabled: true
+ replicaCount: 1
+ persistence:
+ kafka:
+ size: 1Gi
+ zookeeper:
+ size: 500Mbi
+ strimzi-kafka-bridge:
+ enabled: false
uui:
enabled: false
vid:
enabled: false
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: true
sniro-emulator:
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+strimzi:
+ enabled: true
+ strimzi-kafka-bridge:
+ enabled: false
uui:
enabled: true
vfc:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
oof:
enabled: true
msb:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: true
vfc:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
oof:
enabled: true
msb:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: true
vfc:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
oof:
enabled: true
msb:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: true
vfc:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: true
oof:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: false
vid:
enabled: true
#
# Minimal resources are also reviewed for the various containers
# AAI: no override => to be fixed
-# DMAAP: no override # SO: no override
+# DMAAP: no override
+# SO: no override
# SDC: new values
# SDNC: no override
#
enabled: false
dcaegen2-services:
enabled: false
+dmaap:
+ enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
holmes:
enabled: false
log:
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: false
vid:
enabled: false
cds:
enabled: true
-dmaap:
- enabled: true
- dmaap-bc:
- enabled: false
+
enabled: false
dmaap:
enabled: false
+ message-router:
+ enabled: false
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
# Today, "logging" chart that perform the central part of logging must also be
# enabled in order to make it work. So `logging.enabled` must have the same
-# value than centralizedLoggingEnabled
+# value as centralizedLoggingEnabled
log:
enabled: *centralizedLogging
sniro-emulator:
# server:
# monitoring:
# password: demo123456!
+
strimzi:
enabled: false
+ # Kafka replication & disk storage should be dimensioned
+ # according to each given system use case.
+ replicaCount: 3
+ persistence:
+ kafka:
+ size: 10Gi
+ zookeeper:
+ size: 1Gi
+ # Strimzi kafka bridge is an optional http api towards
+ # kafka provided by https://strimzi.io/docs/bridge/latest/
+ strimzi-kafka-bridge:
+ enabled: false
+
uui:
enabled: false
vfc:
enabled: false
a1policymanagement:
enabled: false
-
cert-wrapper:
enabled: true
repository-wrapper:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+
+
args:
- --container-name
- "sdc-onboarding-be"
+ {{- if not .Values.global.kafka.useKafka }}
- --container-name
- "message-router"
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
valueFrom:
fieldRef:
fieldPath: status.podIP
+ {{- if .Values.global.kafka.useKafka }}
+ - name: SASL_JAAS_CONFIG
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-be-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
+ - name: USE_KAFKA
+ value: {{ .Values.global.kafka.useKafka | quote }}
+ {{- end }}
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.kafka.useKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMech }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.topicConsumer.groupId }}-{{ .Values.env.name }}
+ operation: Read
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.topicConsumer.pattern }}
+ operation: All
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: sdc-distro-notif-topic
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ .Values.global.kafka.topics.sdcDistNotifTopic }}-{{ .Values.env.name }}
+ config:
+ retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
+ segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: sdc-distro-status-topic
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ topicName: {{ .Values.global.kafka.topics.sdcDistStatusTopic }}-{{ .Values.env.name }}
+ config:
+ retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
+ segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
+ # Strimzi kafka config
+ kafka:
+ useKafka: overridden-from-parent-values-yaml
+ sdcBeKafkaUser: overridden-from-parent-values-yaml
+ topics:
+ sdcDistNotifTopic: overridden-from-parent-values-yaml
+ sdcDistStatusTopic: overridden-from-parent-values-yaml
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.11.9
-backendInitImage: onap/sdc-backend-init:1.11.9
+image: onap/sdc-backend-all-plugins:1.12.0
+backendInitImage: onap/sdc-backend-init:1.12.0
pullPolicy: Always
#################################################################
# SDC Config part
#################################################################
+
+secrets:
+ - uid: sdc-be-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
+ # Strimzi kafka config
+ kafka:
+ saslMech: scram-sha-512
+ securityProtocol: SASL_PLAINTEXT
+ authType: simple
+ topicRetentionMs: 7200000
+ topicSegmentBytes: 1073741824
+ topicConsumer:
+ pattern: SDC-DIST
+ groupId: sdc
# default number of instances
replicaCount: 1
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.11.9
-cassandraInitImage: onap/sdc-cassandra-init:1.11.9
+image: onap/sdc-cassandra:1.12.0
+cassandraInitImage: onap/sdc-cassandra-init:1.12.0
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.11.9
+image: onap/sdc-frontend:1.12.0
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.11.9
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.9
+image: onap/sdc-onboard-backend:1.12.0
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.0
pullPolicy: Always
# flag to enable debugging - application support required
"message-router.{{include "common.namespace" .}}"
]
},
+ "Kafka": {
+ "bootstrap": "{{ include "common.release" . }}-{{ .Values.global.kafka.kafkaBootstrap }}"
+ },
+ "DistributionTopics": {
+ "notificationTopicName": "{{ .Values.global.kafka.topics.sdcDistNotifTopic }}",
+ "statusTopicName": "{{ .Values.global.kafka.topics.sdcDistStatusTopic }}"
+ },
"Nodes": {
"CS": [
"{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}"
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2021 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
clusterName: cassandra
dataCenter: Pod
centralizedLoggingEnabled: true
+ # Kafka config
+ kafka:
+ useKafka: true
+ sdcBeKafkaUser: sdc-be-kafka-user
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
+ topics:
+ sdcDistNotifTopic: SDC-DISTR-NOTIF-TOPIC
+ sdcDistStatusTopic: SDC-DISTR-STATUS-TOPIC
sdc-be:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}'
sdc-fe:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
sdc-onboarding-be:
keyStorePassword: ${KEYSTORE_PASSWORD}
trustStore: ${TRUSTSTORE}
trustStorePassword: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ ssl:
+ enabled: false
{{- end }}
tomcat:
max-threads: 50
# limitations under the License.
apiVersion: v2
-description: ONAP Strimzi kafka
+description: ONAP Strimzi Kafka
name: strimzi
version: 12.0.0
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: strimzi-kafka-bridge
+ version: ~12.x-0
+ repository: 'file://components/strimzi-kafka-bridge'
+ condition: strimzi-kafka-bridge.enabled
--- /dev/null
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP Strimzi Kafka Bridge
+name: strimzi-kafka-bridge
+version: 12.0.0
+
+dependencies:
+ - name: common
+ version: ~12.x-0
+ repository: '@local'
*/}}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaBridge
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.kafkaBridgeReplicaCount }}
- enableMetrics: false
- bootstrapServers: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
+ replicas: {{ .Values.replicaCount }}
+ bootstrapServers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:{{ .Values.config.kafkaInternalPort }}
authentication:
- type: {{ .Values.global.saslMechanism }}
- username: {{ .Values.global.kafkaStrimziAdminUser }}
+ type: {{ .Values.config.saslMechanism }}
+ username: {{ .Values.config.strimziKafkaAdminUser }}
passwordSecret:
- secretName: {{ .Values.global.kafkaStrimziAdminUser }}
+ secretName: {{ .Values.config.strimziKafkaAdminUser }}
password: password
+ enableMetrics: {{ .Values.config.enableMetrics }}
http:
- port: {{ .Values.kafkaBridgePort }}
+ port: {{ .Values.config.port }}
# Global configuration defaults.
#################################################################
global:
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafkaStrimziAdminUser: strimzi-kafka-admin
- kafkaInternalPort: 9092
- saslMechanism: scram-sha-512
#################################################################
# Application configuration defaults.
#################################################################
-kafkaBridgeReplicaCount: 1
-kafkaBridgePort: 8080
+replicaCount: 1
+config:
+ port: 8080
+ enableMetrics: false
+ # The following config should be set/overridden
+ # from parent chart kubernetes/strimzi/values.yaml
+ saslMechanism: parentValue
+ kafkaInternalPort: parentValue
+ strimziKafkaAdminUser: parentValue
-ingress:
- enabled: false
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dmaap-strimzi
- roles:
- - read
+# nameOverride is required to avoid duplication
+# in pod and service names ie ...-bridge-bridge-{random hex}
+nameOverride: strimzi-kafka
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
-{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
- name: {{ .Values.kafkaStrimziAdminUser }}
+ name: {{ .Values.config.strimziKafkaAdminUser }}
labels:
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
authentication:
- type: {{ .Values.saslMechanism }}
+ type: {{ .Values.config.saslMechanism }}
authorization:
- type: simple
+ type: {{ .Values.config.authType }}
acls:
- resource:
type: group
*/}}
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
kafka:
- version: {{ .Values.version }}
+ version: {{ .Values.config.kafkaVersion }}
replicas: {{ .Values.replicaCount }}
listeners:
- name: plain
- port: {{ .Values.kafkaInternalPort }}
+ port: {{ .Values.config.kafkaInternalPort }}
type: internal
tls: false
authentication:
- type: {{ .Values.saslMechanism }}
+ type: {{ .Values.config.saslMechanism }}
- name: tls
port: 9093
type: internal
- broker: 2
nodePort: {{ .Values.global.nodePortPrefixExt }}92
authorization:
- type: simple
+ type: {{ .Values.config.authType }}
superUsers:
- - {{ .Values.kafkaStrimziAdminUser }}
+ - {{ .Values.config.strimziKafkaAdminUser }}
template:
pod:
securityContext:
fsGroup: 0
config:
default.replication.factor: {{ .Values.replicaCount }}
- min.insync.replicas: {{ .Values.replicaCount }}
+ min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
offsets.topic.replication.factor: {{ .Values.replicaCount }}
+ num.partitions: {{ mul .Values.replicaCount 2 }}
transaction.state.log.replication.factor: {{ .Values.replicaCount }}
- transaction.state.log.min.isr: {{ .Values.replicaCount }}
- log.message.format.version: {{ .Values.version }}
- inter.broker.protocol.version: {{ .Values.version }}
+ transaction.state.log.min.isr: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
+ log.message.format.version: {{ .Values.config.kafkaVersion }}
+ inter.broker.protocol.version: {{ .Values.config.kafkaVersion }}
storage:
type: jbod
volumes:
- id: 0
type: persistent-claim
- size: {{ .Values.persistenceKafka.size }}
+ size: {{ .Values.persistence.kafka.size }}
deleteClaim: true
- class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }}
zookeeper:
template:
pod:
{{- end }}
storage:
type: persistent-claim
- size: {{ .Values.persistenceZk.size }}
+ size: {{ .Values.persistence.zookeeper.size }}
deleteClaim: true
- class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }}
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }}
entityOperator:
topicOperator: {}
userOperator: {}
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
-
#################################################################
# Application configuration defaults.
#################################################################
replicaCount: 3
-kafkaInternalPort: 9092
-saslMechanism: scram-sha-512
-version: 3.2.3
-kafkaStrimziAdminUser: strimzi-kafka-admin
-persistence: {}
+config:
+ kafkaVersion: 3.2.3
+ authType: simple
+ saslMechanism: &saslMech scram-sha-512
+ kafkaInternalPort: &plainPort 9092
+ strimziKafkaAdminUser: &adminUser strimzi-kafka-admin
-persistenceKafka:
- enabled: true
- size: 2Gi
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
- mountSubPath: strimzi-kafka/kafka
-persistenceZk:
- enabled: true
- size: 2Gi
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
+persistence:
+ enabled: &pvenabled true
mountPath: /dockerdata-nfs
- mountSubPath: strimzi-kafka/zk
+ kafka:
+ enabled: *pvenabled
+ # default values of 2Gi for dev env.
+ # Production values should be dimensioned according to requirements. ie >= 10Gi
+ size: 2Gi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: strimzi-kafka/kafka
+ zookeeper:
+ enabled: *pvenabled
+ size: 1Gi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: strimzi-kafka/zk
#Pods Service Account
serviceAccount:
nameOverride: strimzi-kafka
roles:
- read
+
+######################
+# Component overrides
+######################
+strimzi-kafka-bridge:
+ enabled: true
+ config:
+ saslMechanism: *saslMech
+ kafkaInternalPort: *plainPort
+ strimziKafkaAdminUser: *adminUser
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2022 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: uui-nlp
version: ~12.x-0
repository: 'file://components/uui-nlp'
+ - name: uui-intent-analysis
+ version: ~11.x-0
+ repository: 'file://components/uui-intent-analysis'
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
-# Copyright © 2022 Nordix Foundation
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v2
-description: ONAP Dmaap Strimzi Kafka Bridge
-name: dmaap-strimzi
-version: 12.0.0
+description: ONAP uui intent analysis
+name: uui-intent-analysis
+version: 11.0.0
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
+ - name: postgres
+ version: ~12.x-0
+ repository: '@local'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
--- /dev/null
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2022 Huawei Technologies Co., Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+create table if not exists intent(
+ intent_id varchar(255) primary key,
+ intent_name varchar(255)
+);
+
+create table if not exists expectation(
+ expectation_id varchar(255) primary key,
+ expectation_name varchar(255),
+ expectation_type varchar(255),
+ intent_id varchar(255)
+);
+
+create table if not exists expectation_object(
+ object_id varchar(255) DEFAULT uuid_generate_v4 (),
+ primary key(object_id),
+ object_type varchar(255),
+ object_instance varchar(255),
+ expectation_id varchar(255)
+);
+
+create table if not exists expectation_target(
+ target_id varchar(255) primary key,
+ target_name varchar(255),
+ expectation_id varchar(255)
+);
+
+create table if not exists context(
+ context_id varchar(255) primary key,
+ context_name varchar(255),
+ parent_id varchar(255)
+);
+
+create table if not exists context_mapping(
+ context_id varchar(255) primary key,
+ parent_type varchar(255),
+ parent_id varchar(255)
+);
+
+create table if not exists fulfilment_info(
+ fulfilment_info_id varchar(255) primary key,
+ fulfilment_info_status varchar(255),
+ not_fulfilled_state varchar(255),
+ not_fulfilled_reason varchar(255)
+);
+
+create table if not exists state(
+ state_id varchar(255) primary key,
+ state_name varchar(255),
+ is_satisfied boolean,
+ condition varchar(255),
+ expectation_id varchar(255)
+);
+
+create table if not exists condition(
+ condition_id varchar(255) primary key,
+ condition_name varchar(255),
+ operator_type varchar(255),
+ condition_value varchar(255),
+ parent_id varchar(255)
+ );
+
+create table if not exists intent_management_function_reg_info(
+ imfr_info_id varchar(255) primary key,
+ imfr_info_description varchar(255),
+ support_area varchar(255),
+ support_model varchar(255),
+ support_interfaces varchar(255),
+ handle_name varchar(255),
+ intent_function_type varchar(255)
+ );
--- /dev/null
+{{/*
+#
+# Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+main_path="/home/uui"
+echo @main_path@ $main_path
+
+JAVA_PATH="$JAVA_HOME/bin/java"
+JAVA_OPTS="-Xms50m -Xmx128m"
+echo @JAVA_PATH@ $JAVA_PATH
+echo @JAVA_OPTS@ $JAVA_OPTS
+
+jar_path="$main_path/usecase-ui-intent-analysis.jar"
+echo @jar_path@ $jar_path
+
+echo "Starting usecase-ui-intent-analysis..."
+$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS
--- /dev/null
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-entrypoint
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["sh", "-c"]
+ args:
+ - ". /uui/run.sh"
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: POSTGRES_IP
+ value: {{ .Values.postgres.service.name2 }}
+ - name: POSTGRES_PORT
+ value: "{{ .Values.postgres.service.externalPort }}"
+ - name: POSTGRES_DB_NAME
+ value: {{ .Values.postgres.config.pgDatabase }}
+ - name: POSTGRES_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: POSTGRES_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+{{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+{{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+{{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+{{- end }}
+{{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+{{- end }}
+ volumeMounts:
+ - mountPath: /uui/run.sh
+ name: entrypoint
+ subPath: run.sh
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: entrypoint
+ configMap:
+ name: {{ include "common.fullname" . }}-entrypoint
+ defaultMode: 0755
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-init-postgres
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - "{{ .Values.postgres.nameOverride }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.image.postgres" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ psql -h $(UUI_INTENT_PG_PRIMARY_SERVICE_HOST) -f /aaa/init/intent-analysis-init.sql -d {{ .Values.postgres.config.pgDatabase }}
+ volumeMounts:
+ - name: init-data
+ mountPath: /aaa/init/intent-analysis-init.sql
+ subPath: intent-analysis-init.sql
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ volumes:
+ - name: init-data
+ configMap:
+ name: {{ include "common.fullname" . }}
--- /dev/null
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for uui intent analysis.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ passwordStrength: long
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: uui-intent-analysis
+ roles:
+ - read
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-uui-intent-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "uui-intent-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-uui-intent-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "uui-intent-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+image: onap/usecase-ui-intent-analysis:5.1.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+flavor: small
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+
+service:
+ type: ClusterIP
+ name: uui-intent-analysis
+ ports:
+ - name: http-rest
+ port: &svc_port 8083
+
+liveness:
+ initialDelaySeconds: 120
+ port: *svc_port
+ periodSeconds: 10
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ port: *svc_port
+ periodSeconds: 10
+
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName uui-intent-postgres
+ service:
+ name: *postgresName
+ name2: uui-intent-pg-primary
+ name3: uui-intent-pg-replica
+ container:
+ name:
+ primary: uui-intent-pg-primary
+ replica: uui-intent-pg-replica
+ config:
+ pgUserName: uui
+ pgDatabase: uuiintdb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+ persistence:
+ mountSubPath: uui/uuiintent/data
+ mountInitPath: uui
+
+readinessCheck:
+ wait_for:
+ containers:
+ - *postgresName
+
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
Code Review / oom.git / commitdiff
