+# auto generated certificates
+kubernetes/platform/components/oom-cert-service/resources/*.jks
+kubernetes/platform/components/oom-cert-service/resources/*.p12
+kubernetes/platform/components/oom-cert-service/resources/*.crt
+
# Unit tests
__snapshot__
# Application
kubernetes/config/onap-parameters.yaml
kubernetes/dist/*
+kubernetes/common/dist/*
requirements.lock
**/charts/*.tgz
*.orig
repository: nexus3.onap.org:10001
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
# readiness check
- readinessRepository: oomk8s
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
--- /dev/null
+Project,ONAP Certificate,Own Certificate,MSB Certificate,Path
+AAF,No,Yes,No,aaf/charts/aaf-cert-service/resources/
+AAF,Yes,No,No,aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem
+AAI,Yes,No,No,aai/oom/resources/config/haproxy/aai.pem
+AAI,Yes,No,No,aai/oom/resources/config/aai/aai_keystore
+AAI/SEARCH-DATA,Yes,No,No,aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore
+AAI/SPARKY-BE,Yes,No,No,aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12
+AAI/BABEL,No,Yes,No,aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore
+AAI/MODEL-LOADER,Yes,Yes,No,aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.keyfile
+APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.p12
+certInitializer,Yes,No,No,kubernetes/common/certInitializer/resources
+MSB,Yes,No?,Yes,kubernetes/msb/resources/config/certificates
+MUSIC,Yes,No?,No?,kubernetes/common/music/charts/music/resources/keys/
+SDC,Yes,No?,No?,kubernetes/sdc/resources/cert
+SO,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/BPMN,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Catalog,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/Monitoring,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/OpenStack,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/RequestDb,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/SDNC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VE/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VFC,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,Yes,No?,Yes,kubernetes/so/resources/config/certificates
+SO/VNFM,No,Yes?,Yes,kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+VID,No,Yes,No,kubernetes/vid/resources/cert
+OOF/OOF-CMSO,Yes,No,No,kubernetes/oof/charts/oof-cmso/resources/certs
+OOF/OOF-HAS,Yes,No,No,kubernetes/oof/charts/oof-has/resources/config
+OOF/OOF-OSDF,Yes,No,No,kubernetes/oof/resources/config
+CLI,No,Yes,No,kubernetes/cli/resources/certificates
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _master_index:
.. This work is licensed under a Creative Commons Attribution 4.0
.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_cloud_setup_guide:
.. Links
.. - IBM, and
.. - `Openstack`_.
..
-.. #. Alternatively, OOM can be deployed on a private set of physical hosts or VMs
-.. (or even a combination of the two). The following guides describe how to
-.. create a Kubernetes cluster with popular tools:
+.. #. Alternatively, OOM can be deployed on a private set of physical hosts or
+.. VMs (or even a combination of the two). The following guides describe how
+.. to create a Kubernetes cluster with popular tools:
..
.. - `Setting up Kubernetes with Rancher`_ (recommended)
.. - `Setting up Kubernetes with Kubeadm`_
combination of the two). The following guide describe the recommended method to
setup a Kubernetes cluster: :ref:`onap-on-kubernetes-with-rancher`.
-There are alternative deployment methods described on the `Cloud Native Deployment Wiki`_
+There are alternative deployment methods described on the
+`Cloud Native Deployment Wiki`_
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. Links
.. _Helm: https://docs.helm.sh/
You can use either `charts` or `components` folder for your subcomponents.
`charts` folder means that the subcomponent will always been deployed.
-`components` folders means we can choose if we want to deploy the sub component.
+`components` folders means we can choose if we want to deploy the
+subcomponent.
This choice is done in root `values.yaml`:
app.kubernetes.io/instance: my-deployment-name-of-my-component
type: NodePort
-In the deployment or statefulSet file, you needs to set the good labels in order
-for the service to match the pods.
+In the deployment or statefulSet file, you needs to set the good labels in
+order for the service to match the pods.
-here's an example to be sure it matchs (for a statefulSet):
+here's an example to be sure it matches (for a statefulSet):
.. code-block:: yaml
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- so-mariadb
integration will be done:
A registrator to push the service endpoint info to MSB service
-discovery.
+discovery.
- The needed service endpoint info is put into the kubernetes yaml file
as annotation, including service name, Protocol,version, visual
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada, 2020 Nokia Solutions and Networks
.. Links
-.. _hardcoded-certiticates-label:
+.. _hardcoded-certificates-label:
ONAP Hardcoded certificates
###########################
ONAP current installation have hardcoded certificates.
Here's the list of these certificates:
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
- +==================+==================+==================+=================+==========================================================================+
- | AAF | No | Yes | No | aaf/charts/aaf-cert-service/resources/ |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAF | Yes | No | No | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | certInitializer | Yes | No | No | kubernetes/common/certInitializer/resources |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | MSB | Yes | No? | Yes | kubernetes/msb/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | MUSIC | Yes | No? | No? | kubernetes/common/music/charts/music/resources/keys/ |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | VID | No | Yes | No | kubernetes/vid/resources/cert |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
- | CLI | No | Yes | No | kubernetes/cli/resources/certificates |
- +------------------+------------------+------------------+-----------------+--------------------------------------------------------------------------+
+.. csv-table::
+ :file: hardcoded_certificates.csv
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_project_description:
ONAP Operations Manager Project
- **Deploy** - with built-in component dependency management
- **Configure** - unified configuration across all ONAP components
-- **Monitor** - real-time health monitoring feeding to a Consul UI and Kubernetes
+- **Monitor** - real-time health monitoring feeding to a Consul UI and
+ Kubernetes
- **Heal**- failed ONAP containers are recreated automatically
- **Scale** - cluster ONAP services to enable seamless scaling
-- **Upgrade** - change-out containers or configuration with little or no service impact
+- **Upgrade** - change-out containers or configuration with little or no
+ service impact
- **Delete** - cleanup individual containers or entire deployments
OOM supports a wide variety of Kubernetes private clouds - built with Rancher,
-Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft Azure,
-Amazon AWS, Google GCD, VMware VIO, and Openstack.
+Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft
+Azure, Amazon AWS, Google GCD, VMware VIO, and OpenStack.
-The OOM documentation is broken into four different areas each targeted at a different user:
+The OOM documentation is broken into four different areas each targeted at a
+different user:
- :ref:`quick-start-label` - deploy ONAP on an existing cloud
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
-- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
-- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
+- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud
+ environments that ONAP will use
+- :ref:`hardcoded-certificates-label` - the list of all hardcoded certificates
+ set in ONAP installation
The :ref:`release_notes` for OOM describe the incremental features per release.
.. This work is licensed under a
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2019 Amdocs, Bell Canada
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_quickstart_guide:
.. _quick-start-label:
.. figure:: oomLogoV2-medium.png
:align: right
-Once a kubernetes environment is available (follow the instructions in
+Once a Kubernetes environment is available (follow the instructions in
:ref:`cloud-setup-guide-label` if you don't have a cloud environment
available), follow the following instructions to deploy ONAP.
> git clone -b <BRANCH> http://gerrit.onap.org/r/oom --recurse-submodules
> cd oom/kubernetes
-where <BRANCH> can be an offical release tag, such as
+where <BRANCH> can be an official release tag, such as
* 4.0.0-ONAP for Dublin
* 5.0.1-ONAP for El Alto
> sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
-**Step 3.** Customize the helm charts like `oom/kubernetes/onap/values.yaml` or an override
-file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment
-with items like the OpenStack tenant information.
+**Step 3.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or
+an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
+to suit your deployment with items like the OpenStack tenant information.
.. note::
Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
the ``enabled: true/false`` flags.
- b. Encrypt the OpenStack password using the shell tool for robot and put it in
- the robot helm charts or robot section of `openstack.yaml`
+ b. Encrypt the OpenStack password using the shell tool for Robot and put it in
+ the Robot Helm charts or Robot section of `openstack.yaml`
- c. Encrypt the OpenStack password using the java based script for SO helm charts
+ c. Encrypt the OpenStack password using the java based script for SO Helm charts
or SO section of `openstack.yaml`.
- d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
+ d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
charts or use an override file to replace them.
e. Add in the command line a value for the global master password (global.masterPassword).
b. Generating ROBOT Encrypted Password:
-The ROBOT encrypted Password uses the same encryption.key as SO but an
+The Robot encrypted Password uses the same encryption.key as SO but an
openssl algorithm that works with the python based Robot Framework.
.. note::
- To generate ROBOT ``openStackEncryptedPasswordHere``::
+ To generate Robot ``openStackEncryptedPasswordHere``::
cd so/resources/config/mso/
/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
Java encryption library is not easy to integrate with openssl/python that
-ROBOT uses in Dublin and upper versions.
+Robot uses in Dublin and upper versions.
.. note::
To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
d. Update the OpenStack parameters:
-There are assumptions in the demonstration VNF heat templates about the networking
-available in the environment. To get the most value out of these templates and the
-automation that can help confirm the setup is correct, please observe the following
-constraints.
+There are assumptions in the demonstration VNF Heat templates about the
+networking available in the environment. To get the most value out of these
+templates and the automation that can help confirm the setup is correct, please
+observe the following constraints.
``openStackPublicNetId:``
- This network should allow heat templates to add interfaces.
- This need not be an external network, floating IPs can be assigned to the ports on
- the VMs that are created by the heat template but its important that neutron allow
- ports to be created on them.
+ This network should allow Heat templates to add interfaces.
+ This need not be an external network, floating IPs can be assigned to the
+ ports on the VMs that are created by the heat template but its important that
+ neutron allow ports to be created on them.
``openStackPrivateNetCidr: "10.0.0.0/16"``
- This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity.
- The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the
- demonstration ip addressing plan embodied in the preload template prevent conflicts when
- instantiating the various VNFs. If you need to change this, you will need to modify the preload
- data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data
- in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect
- to create.
+ This ip address block is used to assign OA&M addresses on VNFs to allow ONAP
+ connectivity. The demonstration Heat templates assume that 10.0 prefix can be
+ used by the VNFs and the demonstration ip addressing plan embodied in the
+ preload template prevent conflicts when instantiating the various VNFs. If
+ you need to change this, you will need to modify the preload data in the
+ Robot Helm chart like integration_preload_parameters.py and the
+ demo/heat/preload_data in the Robot container. The size of the CIDR should
+ be sufficient for ONAP and the VMs you expect to create.
``openStackOamNetworkCidrPrefix: "10.0"``
- This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the
- robot scripts for demonstration. A production deployment need not worry about this
- setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
-
+ This ip prefix mush match the openStackPrivateNetCidr and is a helper
+ variable to some of the Robot scripts for demonstration. A production
+ deployment need not worry about this setting but for the demonstration VNFs
+ the ip asssignment strategy assumes 10.0 ip prefix.
Example Keystone v2.0
**Step 6.** Build a local Helm repository (from the kubernetes directory)::
- > make SKIP_LINT=TRUE all; make SKIP_LINT=TRUE onap
+ > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all ; make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] onap
+
+`HELM_BIN`
+ Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have
+ multiple version of helm in operating system and choose which one to use.
**Step 7.** Display the onap charts that available to be deployed::
.. literalinclude:: helm-search.txt
.. note::
- The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use ``make`` to update your local Helm repository.
+ The setup of the Helm repository is a one time activity. If you make changes
+ to your deployment charts or values be sure to use ``make`` to update your
+ local Helm repository.
**Step 8.** Once the repo is setup, installation of ONAP can be done with a
single command
> cd oom/kubernetes
> helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
-All override files may be customized (or replaced by other overrides) as per needs.
+All override files may be customized (or replaced by other overrides) as per
+needs.
`onap-all.yaml`
- Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file.
+ Enables the modules in the ONAP deployment. As ONAP is very modular, it is
+ possible to customize ONAP and disable some components through this
+ configuration file.
`onap-all-ingress-nginx-vhost.yaml`
- Alternative version of the `onap-all.yaml` but with global ingress controller enabled. It requires the cluster configured with the nginx ingress controller and load balancer.
- Please use this file instad `onap-all.yaml` if you want to use experimental ingress controller feature.
+ Alternative version of the `onap-all.yaml` but with global ingress controller
+ enabled. It requires the cluster configured with the nginx ingress controller
+ and load balancer. Please use this file instead `onap-all.yaml` if you want
+ to use experimental ingress controller feature.
`environment.yaml`
Includes configuration values specific to the deployment environment.
- Example: adapt readiness and liveness timers to the level of performance of your infrastructure
+ Example: adapt readiness and liveness timers to the level of performance of
+ your infrastructure
`openstack.yaml`
- Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests.
+ Includes all the OpenStack related information for the default target tenant
+ you want to use to deploy VNFs from ONAP and/or additional parameters for the
+ embedded tests.
**Step 9.** Verify ONAP installation
-Use the following to monitor your deployment and determine when ONAP is ready for use::
+Use the following to monitor your deployment and determine when ONAP is ready
+for use::
> kubectl get pods -n onap -o=wide
> ~/oom/kubernetes/robot/ete-k8s.sh onap health
-**Step 10.** Undeploy ONAP::
+**Step 10.** Undeploy ONAP
+::
> helm undeploy dev --purge
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2020, Samsung Electronics
Ingress controller setup on HA Kubernetes Cluster
#################################################
-This guide provides instruction how to setup experimental ingress controller feature.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster and ingress controller
+This guide provides instruction how to setup experimental ingress controller
+feature. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and
+ingress controller
.. contents::
:depth: 1
#. Customization of the cluster.yaml file for ingress controller support
-#. Installation and configuration test DNS server for ingress host resolution on testing machines
+#. Installation and configuration test DNS server for ingress host resolution
+ on testing machines
-#. Instalation and configuration MLB (Metal Load Balancer) required for exposing ingress service
+#. Installation and configuration MLB (Metal Load Balancer) required for
+ exposing ingress service
-#. Instalation and configuration NGINX ingress controller
+#. Installation and configuration NGINX ingress controller
-#. Additional info howto deploy onap with services exposed via Ingress controller
+#. Additional info how to deploy ONAP with services exposed via Ingress
+ controller
Customize cluster.yml file
-===========================
-Before setup cluster for ingress purposes DNS cluster IP and ingress provider should be configured and follwing:
+==========================
+Before setup cluster for ingress purposes DNS cluster IP and ingress provider
+should be configured and following:
.. code-block:: yaml
- <...>
- restore:
- restore: false
- snapshot_name: ""
- ingress:
- provider: none
- dns:
- provider: coredns
- upstreamnameservers:
- - <custer_dns_ip>:31555
-
-Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE node.
-
-For external load balacer purposes minimum one of the worker node should be configured with external IP
-address accessible outside the cluster. It can be done using the following example node configuration:
+
+ ---
+ <...>
+ restore:
+ restore: false
+ snapshot_name: ""
+ ingress:
+ provider: none
+ dns:
+ provider: coredns
+ upstreamnameservers:
+ - <custer_dns_ip>:31555
+
+Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE
+node.
+
+For external load balancer purposes, minimum one of the worker node should be
+configured with external IP address accessible outside the cluster. It can be
+done using the following example node configuration:
.. code-block:: yaml
- <...>
- - address: <external_ip>
- internal_address: <internal_ip>
- port: "22"
- role:
- - worker
- hostname_override: "onap-worker-0"
- user: ubuntu
- ssh_key_path: "~/.ssh/id_rsa"
- <...>
-Where the <external_ip> is external worker node IP address, and <internal_ip> is internal node IP address if it is required
+ ---
+ <...>
+ - address: <external_ip>
+ internal_address: <internal_ip>
+ port: "22"
+ role:
+ - worker
+ hostname_override: "onap-worker-0"
+ user: ubuntu
+ ssh_key_path: "~/.ssh/id_rsa"
+ <...>
+Where the <external_ip> is external worker node IP address, and <internal_ip>
+is internal node IP address if it is required.
-DNS server configuration and instalation
-========================
-DNS server deployed on the Kubernetes cluster makes it easy to use services exposed through ingress controller because it
-resolves all subdomain related to the onap cluster to the load balancer IP.
-Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
-Adding many entries into the configuration files on testing machines is quite problematic and error prone.
-The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+DNS server configuration and installation
+=========================================
+DNS server deployed on the Kubernetes cluster makes it easy to use services
+exposed through ingress controller because it resolves all subdomain related to
+the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot
+of entries on the target machines in the /etc/hosts. Adding many entries into
+the configuration files on testing machines is quite problematic and error
+prone. The better wait is to create central DNS server with entries for all
+virtual host pointed to simpledemo.onap.org and add custom DNS server as a
+target DNS server for testing machines and/or as external DNS for Kubernetes
+cluster.
-DNS server has automatic instalation and configuration script, so instalation is quite easy::
+DNS server has automatic installation and configuration script, so installation
+is quite easy::
- > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
+ > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
- > ./deploy\_dns.sh
+ > ./deploy\_dns.sh
After DNS deploy you need to setup DNS entry on the target testing machine.
Because DNS listen on non standard port configuration require iptables rules
-on the target machine. Please follow the configuation proposed by the deploy scripts
+on the target machine. Please follow the configuration proposed by the deploy
+scripts.
Example output depends on the IP address and example output looks like bellow::
-
- DNS server already deployed:
- 1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
- 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+ DNS server already deployed:
+ 1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+ 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
-MetalLB Load Balancer instalation and configuration
+MetalLB Load Balancer installation and configuration
====================================================
-By default pure Kubernetes cluster requires external load balancer if we want to expose
-external port using LoadBalancer settings. For this purpose MetalLB can be used.
-Before installing the MetalLB you need to ensure that at least one worker has assigned IP acessible outside the cluster.
+By default pure Kubernetes cluster requires external load balancer if we want
+to expose external port using LoadBalancer settings. For this purpose MetalLB
+can be used. Before installing the MetalLB you need to ensure that at least one
+worker has assigned IP accessible outside the cluster.
-MetalLB Load balanancer can be easily installed using automatic install script::
+MetalLB Load balancer can be easily installed using automatic install script::
- > cd kubernetes/contrib/metallb-loadbalancer-inst
+ > cd kubernetes/contrib/metallb-loadbalancer-inst
- > ./install-metallb-on-cluster.sh
+ > ./install-metallb-on-cluster.sh
-Configuration NGINX ingress controller
+Configuration Ngninx ingress controller
=======================================
-After installation DNS server and ingress controller we can install and configure ingress controller.
+After installation DNS server and ingress controller we can install and
+configure ingress controller.
It can be done using the following commands::
- > cd kubernetes/contrib/ingress-nginx-post-inst
+ > cd kubernetes/contrib/ingress-nginx-post-inst
- > kubectl apply -f nginx_ingress_cluster_config.yaml
+ > kubectl apply -f nginx_ingress_cluster_config.yaml
- > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
+ > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
-After deploy NGINX ingress controller you can ensure that the ingress port is exposed as load balancer service
-with external IP address::
+After deploy NGINX ingress controller you can ensure that the ingress port is
+exposed as load balancer service with external IP address::
- > kubectl get svc -n ingress-nginx
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
- ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
+ > kubectl get svc -n ingress-nginx
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
+ ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
ONAP with ingress exposed services
-=====================================
-If you want to deploy onap with services exposed through ingress controller you can use full onap deploy script::
- > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+==================================
+If you want to deploy onap with services exposed through ingress controller you
+can use full onap deploy script::
+
+ > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
Ingress also can be enabled on any onap setup override using following code:
.. code-block:: yaml
- <...>
- #ingress virtualhost based configuration
- global:
- <...>
- ingress:
- enabled: true
+
+ ---
+ <...>
+ #ingress virtualhost based configuration
+ global:
+ <...>
+ ingress:
+ enabled: true
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. Links
.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
ONAP on HA Kubernetes Cluster
#############################
-This guide provides instructions on how to setup a Highly-Available Kubernetes Cluster.
-For this, we are hosting our cluster on OpenStack VMs and using the Rancher Kubernetes Engine (RKE)
-to deploy and manage our Kubernetes Cluster.
+This guide provides instructions on how to setup a Highly-Available Kubernetes
+Cluster. For this, we are hosting our cluster on OpenStack VMs and using the
+Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster.
.. contents::
:depth: 1
#. Installation and configuration of kubectl
-#. Installation and configuration of helm
+#. Installation and configuration of Helm
#. Creation of an NFS Server to be used by ONAP as shared persistance
-There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs.
-To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab.
+There are many ways one can execute the above steps. Including automation
+through the use of HEAT to setup the OpenStack VMs. To better illustrate the
+steps involved, we have captured the manual creation of such an environment
+using the ONAP Wind River Open Lab.
Create Key Pair
===============
.. image:: images/keys/key_pair_1.png
.. Note::
- If you're creating a new Key Pair, ensure to create a local copy of the Private Key through the use of "Copy Private Key to Clipboard".
+ If you're creating a new Key Pair, ensure to create a local copy of the
+ Private Key through the use of "Copy Private Key to Clipboard".
For the purpose of this guide, we will assume a new local key called "onap-key"
-has been downloaded and is copied into **~/.ssh/**, from which it can be referenced.
+has been downloaded and is copied into **~/.ssh/**, from which it can be
+referenced.
Example::
Create Kubernetes Worker VMs
============================
The following instructions describe how to create OpenStack VMs to host the
-Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on these nodes.
+Highly-Available Kubernetes Workers. ONAP workloads will only be scheduled on
+these nodes.
Launch new VM instances
-----------------------
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
-By default, all ONAP applications are deployed. It's possible to customize the deployment
-and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
-application workload.
+The number and size of Worker VMs is dependent on the size of the ONAP
+deployment. By default, all ONAP applications are deployed. It's possible to
+customize the deployment and enable a subset of the ONAP applications. For the
+purpose of this guide, however, we will deploy 12 Kubernetes Workers that have
+been sized to handle the entire ONAP application workload.
.. image:: images/wk_vms/worker_1.png
Apply customization script for Kubernetes VM(s)
-----------------------------------------------
-Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to download the
-script.
+Click :download:`openstack-k8s-workernode.sh <openstack-k8s-workernode.sh>` to
+download the script.
.. literalinclude:: openstack-k8s-workernode.sh
:language: bash
https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl
-You only need to install kubectl where you'll launch kubernetes command. This
-can be any machines of the kubernetes cluster or a machine that has IP access
+You only need to install kubectl where you'll launch Kubernetes command. This
+can be any machines of the Kubernetes cluster or a machine that has IP access
to the APIs.
Usually, we use the first controller as it has also access to internal
Kubernetes services, which can be convenient.
Apply customization script for NFS Server VM
--------------------------------------------
-Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the
-script.
+Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download
+the script.
.. literalinclude:: openstack-nfs-server.sh
:language: bash
ONAP Deployment via OOM
=======================
-Now that kubernetes and Helm are installed and configured you can prepare to
+Now that Kubernetes and Helm are installed and configured you can prepare to
deploy ONAP. Follow the instructions in the README.md_ or look at the official
documentation to get started:
-.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2018 Amdocs, Bell Canada
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
.. _oom_user_guide:
.. Links
- Monitor_ - real-time health monitoring feeding to a Consul UI and Kubernetes
- Heal_- failed ONAP containers are recreated automatically
- Scale_ - cluster ONAP services to enable seamless scaling
-- Upgrade_ - change-out containers or configuration with little or no service impact
+- Upgrade_ - change-out containers or configuration with little or no service
+ impact
- Delete_ - cleanup individual containers or entire deployments
.. figure:: oomLogoV2-Deploy.png
Then build your local Helm repository::
- > make SKIP_LINT=TRUE all
+ > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all
+
+`HELM_BIN`
+ Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have
+ multiple version of helm in operating system and choose which one to use.
The Helm search command reads through all of the repositories configured on the
system, and looks for matches::
------------------------------------------------------------
The ONAP deployment created by OOM operates in a private IP network that isn't
-publicly accessible (i.e. Openstack VMs with private internal network) which
+publicly accessible (i.e. OpenStack VMs with private internal network) which
blocks access to the ONAP Portal. To enable direct access to this Portal from a
user's own environment (a laptop etc.) the portal application's port 8989 is
exposed through a `Kubernetes LoadBalancer`_ object.
Typically, to be able to access the Kubernetes nodes publicly a public address
-is assigned. In Openstack this is a floating IP address.
+is assigned. In OpenStack this is a floating IP address.
When the `portal-app` chart is deployed a Kubernetes service is created that
instantiates a load balancer. The LB chooses the private interface of one of
the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
Then to be able to access the portal on port 8989 from outside the K8s &
-Openstack environment, the user needs to assign/get the floating IP address that
+OpenStack environment, the user needs to assign/get the floating IP address that
corresponds to the private IP as follows::
> kubectl -n onap get services|grep "portal-app"
In this example, use the 10.0.0.4 private address as a key find the
corresponding public address which in this example is 10.12.6.155. If you're
-using OpenStack you'll do the lookup with the horizon GUI or the Openstack CLI
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
for your tenant (openstack server list). That IP is then used in your
`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
below::
All highly available systems include at least one facility to monitor the
health of components within the system. Such health monitors are often used as
-inputs to distributed coordination systems (such as etcd, zookeeper, or consul)
-and monitoring systems (such as nagios or zabbix). OOM provides two mechanisms
+inputs to distributed coordination systems (such as etcd, Zookeeper, or Consul)
+and monitoring systems (such as Nagios or Zabbix). OOM provides two mechanisms
to monitor the real-time health of an ONAP deployment:
- a Consul GUI for a human operator or downstream monitoring systems and
To upgrade a component to a new version with a new configuration file enter::
- > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
**Platform Resiliency**
* Documenation of a Highly-Available Kubernetes Cluster Deployment
-* Availability of a Default Storage Class Provisioner for improved Persistent Storage resiliency
+* Availability of a Default Storage Class Provisioner for improved Persistent
+ Storage resiliency
* Availability of a CNI reference integration for Multi-site support
- * applications can take advantage of multi-site by using POD and/or Node (anti)affinity, taints/tolerations, labels per application
+ * applications can take advantage of multi-site by using POD and/or Node
+ (anti)affinity, taints/tolerations, labels per application
**Footprint Optimization**
Summary
-------
-The focus of this release was on maintanence and as such no new features were delivered.
+The focus of this release was on maintanence and as such no new features were
+delivered.
A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726
**New Features**
version 2.2.2 in global part of override file if the new check is needed.
- `OOM-2421 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to
undeploy/redeploy NBI.
-- `OOM-2422 <https://jira.onap.org/browse/OOM-2421>`_ Workaround is to create
+- `OOM-2422 <https://jira.onap.org/browse/OOM-2422>`_ Workaround is to create
first portal app service with service type Cluster IP then changing it to
NodePort or LoadBalancer so all the port are available.
OUTPUT_DIR := $(ROOT_DIR)/dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_BIN := helm
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+# use this if you would like to push onap charts to repo with other name
+# WARNING: Helm v3+ only
+# WARNING: Make sure to edit also requirements files
+HELM_REPO := local
ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := helm lint
+ HELM_LINT_CMD := $(HELM_BIN) lint
else
HELM_LINT_CMD := echo "Skipping linting of"
endif
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images
-all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
+all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) helm-repo-update plugins
$(COMMON_CHARTS):
@echo "\n[$@]"
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
@if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+endif
clean:
@rm -f */requirements.lock
# publish helm plugins via distrubtion directory
plugins:
- @cp -R helm $(PACKAGE_DIR)/
+ @cp -R $(HELM_BIN) $(PACKAGE_DIR)/
# start up a local helm repo to serve up helm chart packages
+# WARNING: Only helm < v3 supported
repo:
@mkdir -p $(PACKAGE_DIR)
- @helm serve --repo-path $(PACKAGE_DIR) &
+ @$(HELM_BIN) serve --repo-path $(PACKAGE_DIR) &
@sleep 3
- @helm repo index $(PACKAGE_DIR)
- @helm repo add local http://127.0.0.1:8879
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo add local http://127.0.0.1:8879
# stop local helm repo
+# WARNING: Only helm < v3 supported
repo-stop:
- @pkill helm
- @helm repo remove local
+ @pkill $(HELM_BIN)
+ @$(HELM_BIN) repo remove local
+
+check-for-staging-images:
+ $(ROOT_DIR)/contrib/tools/check-for-staging-images.sh
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @$(HELM_BIN) repo update
+endif
+
%:
@:
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0.0"
+description: A Helm chart for A1 Policy Management Service
+name: a1policymanagement
+version: 6.0.0
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{
+ "config": {
+ "controller": [
+ {
+ "name": "controller1",
+ "baseUrl": "{{ .Values.sdncLink }}",
+ "userName": "${A1CONTROLLER_USER}",
+ "password": "${A1CONTROLLER_PASSWORD}"
+ }
+ ],
+ "ric": [
+ {
+ "name": "ric1",
+ "baseUrl": "{{ .Values.ricLink }}",
+ "controller": "controller1",
+ "managedElementIds": [
+ "kista_1",
+ "kista_2"
+ ]
+ }
+ ],
+ "streams_publishes": {
+ "dmaap_publisher": {
+ "type": "message_router",
+ "dmaap_info": {
+ "topic_url": "{{ .Values.streamPublish }}"
+ }
+ }
+ },
+ "streams_subscribes": {
+ "dmaap_subscriber": {
+ "type": "message_router",
+ "dmaap_info": {
+ "topic_url": "{{ .Values.streamSubscribe }}"
+ }
+ }
+ }
+ }
+}
--- /dev/null
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+terminate() {
+ echo "$(date) | INFO | Terminating child processes"
+ pids="$(jobs -p)"
+ if [ "$pids" != "" ]; then
+ kill -TERM $pids >/dev/null 2>/dev/null
+ fi
+ wait
+}
+
+trap terminate TERM
+echo "$(date) | INFO | Started monitoring /config-input/ directory"
+inotifyd /tmp/scripts/update_files /config-input/ &
+wait
--- /dev/null
+#!/bin/sh
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+if [ "$1" == "y" ] && [ "$3" == "..data" ]; then
+ echo "$(date) | INFO | Configmap has been reloaded"
+ cd /config-input
+ for file in $(ls -1); do
+ if [ "$file" -nt "/config/$file" ]; then
+ echo "$(date) | INFO | Templating /config/$file"
+ envsubst <$file >/config/$file
+ fi
+ done
+fi
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-policy-conf
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+kind: Deployment
+apiVersion: apps/v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-bootstrap-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
+ containers:
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsGroup: {{ .Values.groupID }}
+ runAsUser: {{ .Values.userID }}
+ runAsNonRoot: true
+ command:
+ - sh
+ args:
+ - /tmp/scripts/daemon.sh
+ env:
+ - name: A1CONTROLLER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
+ - name: A1CONTROLLER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /tmp/scripts
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ - mountPath: /config-input
+ name: {{ include "common.fullname" . }}-policy-conf-input
+ - mountPath: /config
+ name: config
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ volumeMounts:
+ - name: config
+ mountPath: /opt/app/policy-agent/data
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-policy-conf-input
+ configMap:
+ name: {{ include "common.fullname" . }}-policy-conf
+ defaultMode: 0555
+ - name: {{ include "common.fullname" . }}-envsubst-scripts
+ configMap:
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+ - name: config
+ emptyDir:
+ medium: Memory
--- /dev/null
+{{/*
+################################################################################
+# Copyright © 2020 Samsung Electronics #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ name: {{ include "common.fullname" . }}-envsubst-scripts
+data:
+{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+################################################################################
+# Copyright (c) 2020 Nordix Foundation. #
+# Copyright © 2020 Samsung Electronics, Modifications #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+# Default values for Policy Management Service.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ nodePortPrefix: 302
+
+secrets:
+ - uid: controller-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.a1controller.credsExternalSecret) . }}'
+ login: '{{ .Values.a1controller.user }}'
+ password: '{{ .Values.a1controller.password }}'
+ passwordPolicy: required
+
+image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+userID: 1000 #Should match with image-defined user ID
+groupID: 999 #Should match with image-defined group ID
+pullPolicy: IfNotPresent
+replicaCount: 1
+
+service:
+ type: NodePort
+ name: a1policymanagement
+ both_tls_and_plain: true
+ ports:
+ - name: api
+ port: 8433
+ plain_port: 8081
+ port_protocol: http
+ nodePort: '94'
+
+# SDNC Credentials are used here
+a1controller:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+sdncLink: https://sdnc.onap:8443
+# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port>
+# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination.
+# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
+# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
+ricLink:
+streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
+streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
+
+liveness:
+ port: api
+ initialDelaySeconds: 60
+ periodSeconds: 10
+readiness:
+ port: api
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+#Resource Limit flavor -By Default using small
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj
\ No newline at end of file
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
- |
chown -R 1000:1000 /opt/app/aaf/status
chown -R 1000:1000 /var/lib/cassandra
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /var/lib/cassandra
memory: 100Mi
containers:
- name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well
command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"]
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
# limitations under the License.
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
flavor: small
+++ /dev/null
-# Copyright © 2020 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP AAF Cert Service
-name: aaf-cert-service
-version: 6.0.0
+++ /dev/null
- # Copyright © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIEDQtWKTANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV\r
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ\r
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE\r
-AxMIb25hcC5vcmcwHhcNMjAwNzA5MDgwNDE1WhcNMzAwNzA3MDgwNDE1WjB3MQsw\r
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy\r
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B\r
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\r
-AoICAQCkxel9G29Hgy9j7cEQ0BGlPrP9s1SF3ADe7f56jTjQd/jFUsN67Da+l9Dt\r
-vy1yUwPnTr3krpXOHwQKplsuBDMoa0ayRhqUpp6fuSuu/zgGJOQIe7NlJh9FbYfq\r
-ax0nHO8qtwd+eTUCqkwVfOFZpDFwR7Ss73Z++14Em8TgFiIsTlBV1sa/xRWLT9JL\r
-Sqnr0tQiUJewO6sCUsis+U7kEf+QCueJAktMxR70rQcAJ2gd/zlnIaoaL4rF+MU8\r
-xlbEfMK/rxC6jeVm3oJu4ihjDKj1V6PDyEtzjsWQFtM+y6wgd98Kxt+0mHW3mZZ0\r
-+Ul0fHSE0fRNp8qEMOUKYFbCffWBrMBZaOaUy6FSnnGi8frv7WqJXNiO2lClhsN1\r
-2yA1HgiorhK9sXjVdwsjTmJhOdvn5sla22+QXrobNflHZHo8JhWHpZ9RbBWAZdaa\r
-FrEizBoDnkpdaNb2PykYjqPo8D1Y/lOSDOg32wOW50F6bZg3yyQzFe0+PsAPK/u+\r
-b8THRJhkbXYvcAoDQv785aXoaa0mVg+yAvz6dorchJkViaOvUlNl+DNNKGJb1hWc\r
-KWLU1SpH7I9QWQYGExFEzsg4Wv2ErGponSoecAm+IM23mn/fhGrwv1r/bl5WR++5\r
-5nUIAbPysz3yQoMllSsBBOpuSsCLo1KQqQeQxnTwFxLS0Ag2SwIDAQABozIwMDAd\r
-BgNVHQ4EFgQUff+Pkp90yZtYsNvFGhq6SBdL+f0wDwYDVR0TAQH/BAUwAwEB/zAN\r
-BgkqhkiG9w0BAQwFAAOCAgEAAWzAQxiJb+3WiXnVC0AeQ2GBnj3JNWI13WE1VJ1a\r
-+hsKAGHk6ACzsGfN0BiGp81Bt/4y+AinWTPI0xnuYqfJHS8/7sEvC7aSzmR0TsuM\r
-u7xOYCiczoEwlM2YoFt1dRWt+ve6EZgTXzBSm75to7F3HS0dZzRaEKxyOA3ONFHT\r
-tGgT+u7851qJQvNVwTOt54C7/PZ9Me5y98sosiGbp0USKroJbiMXHzIligp8s1uT\r
-+Pm581C8YTVHKciR/4fhChu+tx39ZR2p4AoJFjEvgcWqYy+sOyn+Z8sWWLoj3dFk\r
-xjdpSRLPI771ihGdV2JXwgzN1ei8OvUzrW1a1gLZkZ1ZWtK4rwpJteFh4YW/wuDb\r
-dKElfqXJITmOEO+uT4cJ5+hGa3rl6asxbEJ6vhy7SZPOzgM1uAjRT1MpBtG/ZPY5\r
-mOkjzNbjlNsgwJNkuXCi4+3DWNC3QNrIqm825Wdr79TM3kYGfkK/ngargA0z0KYc\r
-7sF6P0tGo6gLACbx+dO9KFpjBIqVaw9AUwb/IOGm1Yv+QutEISqgDQTKzT0iv2Pt\r
-eSkR2IzaEvH0VmBnTHoHQwrV7x10cMxhwoA1mRvdt8L+gKC91CbVirIiRGCrJabO\r
-GiKKZ+pD5kVi9gy7omrjw2kH6Vu4aQGySGBhzpIZ977oO9u+jaTdMHBtladqVvWd\r
-sIM=
------END CERTIFICATE-----
+++ /dev/null
-# Copyright © 2020, Nokia
-# Modifications Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.global.cmpv2Enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- volumes:
-{{- if .Values.global.addTestingComponents }}
- - name: cmp-servers-template-volume
- secret:
- secretName: {{ .Values.cmpServers.secret.name }}
- - name: {{ .Values.cmpServers.volume.name }}
- emptyDir:
- medium: Memory
-{{- else }}
- - name: {{ .Values.cmpServers.volume.name }}
- secret:
- secretName: {{ .Values.cmpServers.secret.name }}
-{{- end }}
- - name: {{ .Values.tls.server.volume.name }}
- secret:
- secretName: {{ .Values.tls.server.secret.name }}
-{{- if .Values.global.addTestingComponents }}
- initContainers:
- - name: wait-for-ejbca
- command:
- - /root/ready.py
- args:
- - --container-name
- - ejbca-ejbca
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: subsitute-envs
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"]
- volumeMounts:
- - name: cmp-servers-template-volume
- mountPath: /config-input
- readOnly: true
- - name: {{ .Values.cmpServers.volume.name }}
- mountPath: {{ .Values.cmpServers.volume.mountPath }}
- readOnly: false
- env:
- - name: CLIENT_IAK
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }}
- - name: CLIENT_RV
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }}
- - name: RA_IAK
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }}
- - name: RA_RV
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }}
-{{- end }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- env:
- - name: HTTPS_PORT
- value: "{{ .Values.envs.httpsPort }}"
- - name: KEYSTORE_PATH
- value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}"
- - name: KEYSTORE_P12_PATH
- value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}"
- - name: TRUSTSTORE_PATH
- value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}"
- - name: ROOT_CERT
- value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }}
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }}
- livenessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - {{ .Values.liveness.command }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- readinessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - {{ .Values.readiness.command }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: {{ .Values.cmpServers.volume.name }}
- mountPath: {{ .Values.cmpServers.volume.mountPath }}
- readOnly: false
- - name: {{ .Values.tls.server.volume.name }}
- mountPath: {{ .Values.tls.server.volume.mountPath }}
- readOnly: true
- resources: {{ include "common.resources" . | nindent 12 }}
-{{ end -}}
+++ /dev/null
-# Copyright © 2020, Nokia
-# Modifications Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.global.cmpv2Enabled }}
-{{ include "common.secretFast" . }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.cmpServers.secret.name }}
-type: Opaque
-data:
-{{ if .Values.global.addTestingComponents }}
- {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }}
-{{ else }}
- {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }}
-{{ end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
-type: Opaque
-data:
- certServiceClient-keystore.jks:
- {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.tls.server.secret.name }}
-type: Opaque
-data:
- certServiceServer-keystore.jks:
- {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
- certServiceServer-keystore.p12:
- {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
- root.crt:
- {{ (.Files.Glob "resources/root.crt").AsSecrets }}
-{{ end -}}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020, Nokia
-# Modifications Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-{{- if .Values.global.cmpv2Enabled }}
- {{ include "common.service" . }}
-{{ end -}}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020, Nokia
-# Modifications Copyright © 2020, Nordix Foundation, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Global
-global:
- envsubstImage: dibi/envsubst
- nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
-
-
-# Service configuration
-service:
- type: ClusterIP
- ports:
- - name: http
- port: 8443
- port_protocol: http
-
-
-# Deployment configuration
-repository: nexus3.onap.org:10001
-image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.2.0
-pullPolicy: Always
-replicaCount: 1
-
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
- command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
-
-flavor: small
-resources:
- small:
- limits:
- cpu: 0.5
- memory: 1Gi
- requests:
- cpu: 0.2
- memory: 512Mi
- large:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 0.4
- memory: 1Gi
- unlimited: {}
-
-
-# Application configuration
-cmpServers:
- secret:
- name: aaf-cert-service-secret
- volume:
- name: aaf-cert-service-volume
- mountPath: /etc/onap/aaf/certservice
-
-tls:
- server:
- secret:
- name: aaf-cert-service-server-tls-secret
- volume:
- name: aaf-cert-service-server-tls-volume
- mountPath: /etc/onap/aaf/certservice/certs/
- client:
- secret:
- defaultName: aaf-cert-service-client-tls-secret
-
-envs:
- keystore:
- jksName: certServiceServer-keystore.jks
- p12Name: certServiceServer-keystore.p12
- truststore:
- jksName: truststore.jks
- crtName: root.crt
- httpsPort: 8443
-
-# External secrets with credentials can be provided to override default credentials defined below,
-# by uncommenting and filling appropriate *ExternalSecret value
-credentials:
- tls:
- keystorePassword: secret
- truststorePassword: secret
- #keystorePasswordExternalSecret:
- #truststorePasswordExternalSecret:
- # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
- cmp:
- #clientIakExternalSecret:
- #clientRvExternalSecret:
- #raIakExternalSecret:
- #raRvExternalSecret:
- client: {}
- # iak: mypassword
- # rv: unused
- ra: {}
- # iak: mypassword
- # rv: unused
-
-secrets:
- - uid: keystore-password
- name: '{{ include "common.release" . }}-keystore-password'
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.keystorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- name: '{{ include "common.release" . }}-truststore-password'
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.truststorePassword }}'
- passwordPolicy: required
- # Below values are relevant only if global addTestingComponents flag is enabled
- - uid: ejbca-server-client-iak
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
- password: '{{ .Values.credentials.cmp.client.iak }}'
- - uid: cmp-config-client-rv
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
- password: '{{ .Values.credentials.cmp.client.rv }}'
- - uid: ejbca-server-ra-iak
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
- password: '{{ .Values.credentials.cmp.ra.iak }}'
- - uid: cmp-config-ra-rv
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
- password: '{{ .Values.credentials.cmp.ra.rv }}'
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
repository: 'file://../aaf-templates'
+{{/*
# Copyright © 2017 Amdocs
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "aaf.deployment" . }}
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
aaf:
+ image: onap/aaf/aaf_core:2.1.23
config:
image: onap/aaf/aaf_config:2.1.23
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
- repository: 'file://../aaf-templates'
+ repository: 'file://../aaf-templates'
\ No newline at end of file
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "aaf.deployment" . }}
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
aaf:
+ image: onap/aaf/aaf_core:2.1.23
config:
image: onap/aaf/aaf_config:2.1.23
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
repository: 'file://../aaf-templates'
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "aaf.deployment" . }}
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
aaf:
+ image: onap/aaf/aaf_core:2.1.23
config:
image: onap/aaf/aaf_config:2.1.23
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
repository: 'file://../aaf-templates'
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
containers:
- name: {{ include "common.name" . }}
command: ["bash","-c","cd /opt/app/aaf && if [ ! -d /opt/app/osaaf/etc ]; then cp -Rf etc logs /opt/app/osaaf; fi && exec bin/hello"]
- image: {{ .Values.global.repository }}/{{.Values.image }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{.Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 8 }}
+{{/*
# Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
repository: 'file://../aaf-templates'
+{{/*
# Copyright © 2017 Amdocs
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "aaf.deployment" . }}
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
aaf:
+ image: onap/aaf/aaf_core:2.1.23
config:
image: onap/aaf/aaf_config:2.1.23
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
repository: 'file://../aaf-templates'
+{{/*
# Copyright © 2017 Amdocs
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "aaf.deployment" . }}
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
aaf:
+ image: onap/aaf/aaf_core:2.1.23
config:
image: onap/aaf/aaf_config:2.1.23
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: aaf-templates
version: ~6.x-0
repository: 'file://../aaf-templates'
+{{/*
# Copyright © 2017 Amdocs
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "aaf.deployment" . }}
+{{/*
# Copyright © 2017 Amdocs, Orange
# Modifications © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
aaf:
+ image: onap/aaf/aaf_core:2.1.23
config:
image: onap/aaf/aaf_config:2.1.23
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{- if .Values.persistence.enabled }}
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /quorumclient/auth
- chown -R 100:1000 /quorumclient/auth
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /quorumclient/auth
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/quorumclient/bin/quorumclient"]
- workingDir: /quorumclient/
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /quorumclient/config.json
- name: {{ include "common.name" .}}
- subPath: config.json
-{{- if .Values.persistence.enabled }}
- - mountPath: /quorumclient/auth
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- resources:
-{{ include "common.resources" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name : {{ include "common.name" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: config.json
- path: config.json
- mode: 0755
-{{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/aaf/smsquorumclient:4.0.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sms/quorum/data
-
-ingress:
- enabled: false
-
-flavor: small
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 40m
- memory: 40Mi
- requests:
- cpu: 1m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 700Mi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-vault
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.json: |
- {{ .Values.config.vault | toJson }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-consul
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.json: |
- {{ .Values.config.consul | toJson }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.portName }}
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
- {{- else -}}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- protocol: TCP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
-{{- if .Values.persistence.enabled }}
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /consul/data
- chown -R 100:1000 /consul/data
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /consul/data
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image.vault }}"
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args: ["server"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- volumeMounts:
- - mountPath: /vault/config/config.json
- name: {{ include "common.fullname" . }}-vault
- subPath: config.json
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 10 }}
- - image: "{{ include "common.repository" . }}/{{ .Values.image.consul }}"
- name: {{ include "common.name" . }}-backend
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
- ports:
- - name: http
- containerPort: 8500
- volumeMounts:
-{{- if .Values.persistence.enabled }}
- - mountPath: /consul/data
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- - mountPath: /consul/config/config.json
- name: {{ include "common.fullname" . }}-consulconfiguration
- subPath: config.json
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 10 }}
- volumes:
- - name: {{ include "common.fullname" . }}-consulconfiguration
- configMap:
- name: {{ include "common.fullname" . }}-consul
- - name: {{ include "common.fullname" . }}-vault
- configMap:
- name: {{ include "common.fullname" . }}-vault
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
-
-# application image
-repository: nexus3.onap.org:10001
-image:
- consul: library/consul:1.7.1
- vault: library/vault:1.3.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-config:
- consul:
- server: true
- log_level: INFO
- server: true
- data_dir: '/consul/data'
- ports:
- http: 8500
- https: -1
-
- vault:
- storage:
- consul:
- address: localhost:8500
- path: smsvault
- listener:
- tcp:
- address: '[::]:8200'
- tls_disable: true
- disable_mlock: true
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: sms/consul/data
-
-service:
- type: ClusterIP
- name: aaf-sms-db
- portName: aaf-sms-db
- internalPort: 8200
- externalPort: 8200
-
-ingress:
- enabled: false
-
-flavor: small
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 40m
- memory: 40Mi
- requests:
- cpu: 10m
- memory: 25Mi
- large:
- limits:
- cpu: 400m
- memory: 700Mi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ serviceName: {{ include "common.servicename" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- if .Values.persistence.enabled }}
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /quorumclient/auth
+ chown -R 100:1000 /quorumclient/auth
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /quorumclient/auth
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/quorumclient/bin/quorumclient"]
+ workingDir: /quorumclient/
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /quorumclient/config.json
+ name: {{ include "common.name" .}}
+ subPath: config.json
+{{- if .Values.persistence.enabled }}
+ - mountPath: /quorumclient/auth
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name : {{ include "common.name" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: config.json
+ path: config.json
+ mode: 0755
+{{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "common.fullname" . }}-data
+ labels:
+ name: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/aaf/smsquorumclient:4.0.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 3
+
+nodeSelector: {}
+
+affinity: {}
+
+service:
+ name: aaf-sms
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sms/quorum/data
+
+ingress:
+ enabled: false
+
+flavor: small
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 40m
+ memory: 40Mi
+ requests:
+ cpu: 1m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 700Mi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-vault
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |
+ {{ .Values.config.vault | toJson }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-consul
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |
+ {{ .Values.config.consul | toJson }}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ serviceName: {{ include "common.servicename" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+{{- if .Values.persistence.enabled }}
+ initContainers:
+ - name: fix-permission
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ chmod -R 775 /consul/data
+ chown -R 100:1000 /consul/data
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /consul/data
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
+ containers:
+ - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.vault }}
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args: ["server"]
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ volumeMounts:
+ - mountPath: /vault/config/config.json
+ name: {{ include "common.fullname" . }}-vault
+ subPath: config.json
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.consul }}
+ name: {{ include "common.name" . }}-backend
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
+ ports:
+ - name: http
+ containerPort: 8500
+ volumeMounts:
+{{- if .Values.persistence.enabled }}
+ - mountPath: /consul/data
+ name: {{ include "common.fullname" . }}-data
+{{- end }}
+ - mountPath: /consul/config/config.json
+ name: {{ include "common.fullname" . }}-consulconfiguration
+ subPath: config.json
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-consulconfiguration
+ configMap:
+ name: {{ include "common.fullname" . }}-consul
+ - name: {{ include "common.fullname" . }}-vault
+ configMap:
+ name: {{ include "common.fullname" . }}-vault
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "common.fullname" . }}-data
+ labels:
+ name: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+# application image
+image:
+ consul: library/consul:1.7.1
+ vault: library/vault:1.3.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ consul:
+ server: true
+ log_level: INFO
+ server: true
+ data_dir: '/consul/data'
+ ports:
+ http: 8500
+ https: -1
+
+ vault:
+ storage:
+ consul:
+ address: localhost:8500
+ path: smsvault
+ listener:
+ tcp:
+ address: '[::]:8200'
+ tls_disable: true
+ disable_mlock: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sms/consul/data
+
+service:
+ type: ClusterIP
+ name: aaf-sms-db
+ portName: aaf-sms-db
+ internalPort: 8200
+ externalPort: 8200
+
+ingress:
+ enabled: false
+
+flavor: small
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 40m
+ memory: 40Mi
+ requests:
+ cpu: 10m
+ memory: 25Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 700Mi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: aaf-sms-quorumclient
+ version: ~6.x-0
+ repository: 'file://components/aaf-sms-quorumclient'
+ - name: aaf-sms-vault
+ version: ~6.x-0
+ repository: 'file://components/aaf-sms-vault'
+{{/*
# Copyright 2018 Intel Corporation, Inc
# Modifications © 2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
- -c
- |
cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /int-certs
- |
chmod -R 775 /sms/auth
chown -R 1000:1000 /sms/auth
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /sms/auth
name: {{ include "common.fullname" . }}-auth
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "aaf-sms-vault"
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
command: ["/sms/bin/sms"]
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
name: {{ include "common.name" . }}-preload-input
- mountPath: /config/
name: {{ include "common.name" . }}-preload
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "aaf-sms"
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-preload
command:
+{{/*
# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence: {}
- envsubstImage: dibi/envsubst
aafEnabled: true
flavor: small
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
image: onap/aaf/sms:4.0.2
pullPolicy: Always
internalPort: 10443
externalPort: 10443
+#define value for aaf-sms-quorumclient subchart
+aaf-sms-quorumclient:
+ service:
+ name: aaf-sms
+
persistence:
enabled: true
volumeReclaimPolicy: Retain
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-
-apiVersion: batch/v1
-kind: Job
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- backoffLimit: 2
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/abrmd/bin/initialize_tpm.sh"]
- workingDir: /abrmd/bin
- securityContext:
- privileged: true
- env:
- - name: TPM_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: ABRMD_DATA
- value: /abrmd/data
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /abrmd/data
- - name: {{ include "common.fullname" . }}-tpm-device
- mountPath: /dev/tpm0
- - name: {{ include "common.fullname" . }}-tpmconfig
- mountPath: "/abrmd/cred/"
- readOnly: true
- resources: {{ toYaml .Values.resources | nindent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end -}}
- {{- if .Values.global.tpm.enabled }}
- {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- resources: {{ include "common.resources" . | nindent 10 }}
- volumes:
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
- - name: {{ include "common.fullname" . }}-tpm-device
- hostPath:
- path: /dev/tpm0
- - name: {{ include "common.fullname" . }}-tpmconfig
- secret:
- secretName: {{ include "common.release" . }}-aaf-sshsm
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- serviceName:
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.fullname" . }}-init"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/abrmd/bin/run_abrmd.sh"]
- workingDir: /abrmd/bin
- securityContext:
- privileged: true
- volumeMounts:
- - name: {{ include "common.fullname" . }}-dbus
- mountPath: /var/run/dbus
- - name: {{ include "common.fullname" . }}-tpm-device
- mountPath: /dev/tpm0
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources: {{ include "common.resources" . | nindent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.global.tpm.enabled }}
- {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-dbus
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
- - name: {{ include "common.fullname" . }}-tpm-device
- hostPath:
- path: /dev/tpm0
-
-{{- end -}}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/aaf/abrmd:4.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 1
-
-# TPM specific node selection is done at parent chart aaf-sshsm
-nodeSelector: {}
-
-affinity: {}
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-flavor: small
-resources:
- small:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.distcenter.enabled -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.distcenter.enabled -}}
-
-apiVersion: batch/v1
-kind: Job
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- serviceName:
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- initContainers:
-{{- if .Values.global.tpm.enabled }}
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{ else }}
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-gen-passphrase
- command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"]
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /distcenter/data
- resources:
- limits:
- cpu: 1
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end }}
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/entrypoint.sh"]
- workingDir: /distcenter
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /distcenter/data
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.distcenter.enabled -}}
-{{ include "common.PV" . }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.distcenter.enabled -}}
-{{ include "common.PVC" . }}
-{{- end -}}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/aaf/distcenter:4.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sshsm/distcenter/data
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-flavor: small
-resources:
- small:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.testca.enabled -}}
-
-apiVersion: batch/v1
-kind: Job
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-distcenter-ready
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-aaf-sshsm-distcenter"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- if .Values.global.tpm.enabled }}
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-abrmd-ready
- command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"]
- workingDir: /testca/bin
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- volumeMounts:
- - name: {{ include "common.fullname" . }}-dbus
- mountPath: /var/run/dbus
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end }}
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["./import.sh"]
- workingDir: /testca/bin
- env:
-{{- if .Values.global.tpm.enabled }}
- - name: TPM_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: DATA_FOLDER
- value: /testca/data/host_$(TPM_NODE_NAME)
-{{ else }}
- - name: DATA_FOLDER
- value: /testca/data
-{{- end }}
- - name: SECRETS_FOLDER
- value: /testca/secrets
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /testca/data
- - name: {{ include "common.fullname" . }}-dbus
- mountPath: /var/run/dbus
- - name: {{ include "common.fullname" . }}-secrets
- mountPath: /testca/secrets
- readOnly: true
- resources: {{ include "common.resources" . | nindent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.global.tpm.enabled }}
- {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm
- - name: {{ include "common.fullname" . }}-dbus
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
- - name: {{ include "common.fullname" . }}-secrets
- secret:
- secretName: {{ include "common.release" . }}-aaf-sshsm
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-{{- end -}}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-enabled: true
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/aaf/testcaservice:4.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-flavor: small
-resources:
- small:
- limits:
- cpu: 50m
- memory: 100Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.tpm.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.tpm.enabled -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ serviceName:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-job-complete
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.fullname" . }}-init"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/abrmd/bin/run_abrmd.sh"]
+ workingDir: /abrmd/bin
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-dbus
+ mountPath: /var/run/dbus
+ - name: {{ include "common.fullname" . }}-tpm-device
+ mountPath: /dev/tpm0
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+ {{ toYaml .Values.nodeSelector | indent 8 | trim }}
+ {{- end }}
+ {{- if .Values.global.tpm.enabled }}
+ {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-dbus
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
+ - name: {{ include "common.fullname" . }}-tpm-device
+ hostPath:
+ path: /dev/tpm0
+
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.tpm.enabled -}}
+
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ backoffLimit: 2
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/abrmd/bin/initialize_tpm.sh"]
+ workingDir: /abrmd/bin
+ securityContext:
+ privileged: true
+ env:
+ - name: TPM_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: ABRMD_DATA
+ value: /abrmd/data
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /abrmd/data
+ - name: {{ include "common.fullname" . }}-tpm-device
+ mountPath: /dev/tpm0
+ - name: {{ include "common.fullname" . }}-tpmconfig
+ mountPath: "/abrmd/cred/"
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- if .Values.global.tpm.enabled }}
+ {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
+ {{- end -}}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-sshsm-data
+ - name: {{ include "common.fullname" . }}-tpm-device
+ hostPath:
+ path: /dev/tpm0
+ - name: {{ include "common.fullname" . }}-tpmconfig
+ secret:
+ secretName: {{ include "common.release" . }}-aaf-sshsm
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{- end -}}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ tpm:
+ enabled: true
+ # if enabled, nodeselector will use the below
+ # values in the nodeselector section of the pod
+ nodeLabel: "tpm-node"
+ nodeLabelValue: "true"
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/aaf/abrmd:4.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 1
+
+# TPM specific node selection is done at parent chart aaf-sshsm
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ serviceName:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+{{- if .Values.global.tpm.enabled }}
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{ else }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-gen-passphrase
+ command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"]
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /distcenter/data
+ resources:
+ limits:
+ cpu: 1
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end }}
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/entrypoint.sh"]
+ workingDir: /distcenter
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /distcenter/data
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-sshsm
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.PV" . }}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.PVC" . }}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ tpm:
+ enabled: true
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/aaf/distcenter:4.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sshsm/distcenter/data
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-distcenter-ready
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-aaf-sshsm-distcenter"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- if .Values.global.tpm.enabled }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-abrmd-ready
+ command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"]
+ workingDir: /testca/bin
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-dbus
+ mountPath: /var/run/dbus
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+{{- end }}
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["./import.sh"]
+ workingDir: /testca/bin
+ env:
+{{- if .Values.global.tpm.enabled }}
+ - name: TPM_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DATA_FOLDER
+ value: /testca/data/host_$(TPM_NODE_NAME)
+{{ else }}
+ - name: DATA_FOLDER
+ value: /testca/data
+{{- end }}
+ - name: SECRETS_FOLDER
+ value: /testca/secrets
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /testca/data
+ - name: {{ include "common.fullname" . }}-dbus
+ mountPath: /var/run/dbus
+ - name: {{ include "common.fullname" . }}-secrets
+ mountPath: /testca/secrets
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+ {{ toYaml .Values.nodeSelector | indent 8 | trim }}
+ {{- end -}}
+ {{- if .Values.global.tpm.enabled }}
+ {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-sshsm
+ - name: {{ include "common.fullname" . }}-dbus
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
+ - name: {{ include "common.fullname" . }}-secrets
+ secret:
+ secretName: {{ include "common.release" . }}-aaf-sshsm
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+ tpm:
+ enabled: true
+ # if enabled, nodeselector will use the below
+ # values in the nodeselector section of the pod
+ nodeLabel: "tpm-node"
+ nodeLabelValue: "true"
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/aaf/testcaservice:4.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 50m
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-sshsm-abrmd
+ version: ~6.x-0
+ repository: 'file://components/aaf-sshsm-abrmd'
+ condition: aaf-sshsm-abrmd.enabled
+ - name: aaf-sshsm-distcenter
+ version: ~6.x-0
+ repository: 'file://components/aaf-sshsm-distcenter'
+ condition: aaf-sshsm-distcenter.enabled
+ - name: aaf-sshsm-testca
+ version: ~6.x-0
+ repository: 'file://components/aaf-sshsm-testca'
+ condition: aaf-sshsm-testca.testca.enabled
+{{/*
# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
#################################################################
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
tpm:
enabled: false
# values in the nodeselector section of the pod
nodeLabel: "tpm-node"
nodeLabelValue: "true"
- abrmd:
- enabled: true
- distcenter:
- enabled: true
- testca:
- enabled: true
persistence: {}
+aaf-sshsm-abrmd:
+ enabled: true
+aaf-sshsm-distcenter:
+ enabled: true
+aaf-sshsm-testca:
+ enabled: true
+
persistence:
enabled: true
data:
- name: {{ include "common.name" . }}
workingDir: /opt/app/aaf
command: ["bin/{{ .Values.binary }}"]
- image: {{ include "common.repository" . }}/{{.Values.global.aaf.image}}
+ image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
volumeMounts:
- |
chown -R 1000:1000 /opt/app/aaf
chown -R 1000:1000 /opt/app/osaaf
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /opt/app/osaaf
{{- define "aaf.podConfiguration" }}
- name: {{ include "common.name" . }}-config-container
- image: {{ .Values.global.repository }}/{{.Values.global.aaf.config.image}}
+ image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.config.image}}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
{{- if .Values.sequence_order }}
- name: {{ include "common.name" . }}-aaf-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
{{- range $container := .Values.sequence_order }}
- --container-name
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
limits:
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: aaf-cass
version: ~6.x-0
repository: 'file://components/aaf-cass'
- - name: aaf-cert-service
- version: ~6.x-0
- repository: 'file://components/aaf-cert-service'
- name: aaf-cm
version: ~6.x-0
repository: 'file://components/aaf-cm'
# Copyright © 2017 Amdocs, Bell Canada
# Modifications © 2020 AT&T
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
- # Readiness image
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- # Ubuntu Init image
- ubuntuInitRepository: registry.hub.docker.com
- ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- # Logging image
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # BusyBox image
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:1.31
persistence:
enabled: true
# Standard OOM
pullPolicy: "Always"
- repository: "nexus3.onap.org:10001"
-
- # Use Local
- #pullPolicy: IfNotPresent
- #repository: "nexus3.onap.org:10003"
cmpv2Enabled: true
addTestingComponents: false
public_port: 31112
# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
- certServiceClient:
- secret:
- name: aaf-cert-service-client-tls-secret
-
#################################################################
# Application configuration defaults.
#################################################################
-Subproject commit f1e329c458c48530da36dd1c6b38b7548116bd65
+Subproject commit 540b846831e2053ccdcce9fa620cb7eeb7f5db46
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
-
-# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
-
-# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
-
-# Mysql
-host: {{.Values.config.mariadbGaleraSVCName}}
-
-# Playbooks
-from_files: yes
-ansible_path: /opt/onap/ccsdk/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
-
-# Blocking on GetResults
-getresults_block: yes
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-chown
- image: "busybox"
- command: ["sh", "-c", "chown -R {{ .Values.config.ansibleUid }}:{{ .Values.config.ansibleGid}} {{ .Values.persistence.playbookPath }}"]
- volumeMounts:
- - mountPath: {{ .Values.persistence.playbookPath }}
- name: {{ include "common.fullname" . }}-playbook
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/RestServer_config
- name: config
- subPath: RestServer_config
- - mountPath: {{ .Values.persistence.playbookPath }}
- name: {{ include "common.fullname" . }}-playbook
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
-{{ if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-playbook
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-playbook
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{ end }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-flavor: small
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-ansible-server-image:0.4.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- ansibleUid: 100
- ansibleGid: 101
- appcChartName: appc
- mysqlServiceName: appc-dbhost
- configDir: /opt/onap/ccsdk
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: appc-ansible-server
- portName: appc-ansible-server
- internalPort: 8000
- externalPort: 8000
- nfsprovisionerPrefix: appc
- disableNfsProvisioner: true
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: appc/ansible
- playbookPath: /home/ansible
-
-ingress:
- enabled: false
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 0.5Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /opt/startCdt.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- # This sets the port that CDT will use to connect to the main appc container.
- # The 11 is the node port suffix that is used in the main appc oom templates
- # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
- - name: CDT_PORT
- value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-flavor: small
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.7.2
-pullPolicy: Always
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: appc-cdt
- externalPort: 18080
- internalPort: 18080
- nodePort: 89
-
-ingress:
- enabled: false
- service:
- - baseaddr: appccdt
- name: "appc-cdt"
- port: 18080
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-# ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+# Host definition
+ip: 0.0.0.0
+port: {{.Values.service.internalPort}}
+
+# Security (controls use of TLS encrypton and RestServer authentication)
+tls: no
+auth: no
+
+# TLS certificates (must be built on application host)
+priv: provide_privated_key.pem
+pub: provide_public_key.pem
+
+# Mysql
+host: {{.Values.config.mariadbGaleraSVCName}}
+
+# Playbooks
+from_files: yes
+ansible_path: /opt/onap/ccsdk/Playbooks
+ansible_inv: Ansible_inventory
+ansible_temp: PlaybooksTemp
+timeout_seconds: 60
+
+# Blocking on GetResults
+getresults_block: yes
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ command: ["sh", "-c", "chown -R {{ .Values.config.ansibleUid }}:{{ .Values.config.ansibleGid}} {{ .Values.persistence.playbookPath }}"]
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.playbookPath }}
+ name: {{ include "common.fullname" . }}-playbook
+ containers:
+ - name: {{ include "common.name" . }}
+ command: ["/bin/bash"]
+ args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.config.configDir }}/RestServer_config
+ name: config
+ subPath: RestServer_config
+ - mountPath: {{ .Values.persistence.playbookPath }}
+ name: {{ include "common.fullname" . }}-playbook
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0644
+{{ if not .Values.persistence.enabled }}
+ - name: {{ include "common.fullname" . }}-playbook
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "common.fullname" . }}-playbook
+ labels:
+ name: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{ end }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+flavor: small
+
+# application image
+image: onap/ccsdk-ansible-server-image:0.4.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ ansibleUid: 100
+ ansibleGid: 101
+ appcChartName: appc
+ mysqlServiceName: appc-dbhost
+ configDir: /opt/onap/ccsdk
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: appc-ansible-server
+ portName: appc-ansible-server
+ internalPort: 8000
+ externalPort: 8000
+ nfsprovisionerPrefix: appc
+ disableNfsProvisioner: true
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: appc/ansible
+ playbookPath: /home/ansible
+
+ingress:
+ enabled: false
+
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 0.5Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/startCdt.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ # This sets the port that CDT will use to connect to the main appc container.
+ # The 11 is the node port suffix that is used in the main appc oom templates
+ # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
+ - name: CDT_PORT
+ value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+flavor: small
+
+# application image
+image: onap/appc-cdt-image:1.7.2
+pullPolicy: Always
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ name: appc-cdt
+ externalPort: 18080
+ internalPort: 18080
+ nodePort: 89
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: appccdt
+ name: "appc-cdt"
+ port: 18080
+ config:
+ ssl: "redirect"
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
- name: dgbuilder
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: appc-ansible-server
+ version: ~6.x-0
+ repository: 'file://components/appc-ansible-server'
+ condition: appc-ansible-server.enabled
+ - name: appc-cdt
+ version: ~6.x-0
+ repository: 'file://components/appc-cdt'
+ condition: appc-cdt.enabled
\ No newline at end of file
#!/bin/bash -x
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
run_level=$(/opt/opendaylight/current/bin/client system:start-level)
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
#!/bin/bash -x
+{{/*
###
# ============LICENSE_START=======================================================
# if not already installed, and starts the APPC Docker Container
#
#set -x
+*/}}
function enable_odl_cluster(){
if [ -z $APPC_REPLICAS ]; then
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
#
# Certificate keystore and truststore
#
+*/}}
org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/appc/data/stores/truststoreONAPall.jks
org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
org.onap.ccsdk.sli.adaptors.aai.ssl.key=/opt/onap/appc/data/stores/truststoreONAPall.jks
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# ============LICENSE_END=========================================================
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
+*/}}
### ###
### Properties for demo ###
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# ============LICENSE_END=========================================================
###
#hostname=localhost
+*/}}
cadi_loglevel=DEBUG
cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
# dblib.properrties
org.onap.ccsdk.sli.dbtype=jdbc
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# ============LICENSE_END=========================================================
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
+*/}}
MYSQL_USER=${SDNC_DB_USER}
MYSQL_PWD=${SDNC_DB_PASSWD}
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# ============LICENSE_END=========================================================
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
+*/}}
org.onap.ccsdk.sli.dbtype = jdbc
org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
#!/bin/bash
+{{/*
###
# ============LICENSE_START=======================================================
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
#
# Configuration file for A&AI Client
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
# dblib.properrties
org.onap.ccsdk.sli.dbtype=jdbc
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
MYSQL_USER=${SDNC_DB_USER}
MYSQL_PWD=${SDNC_DB_PASSWD}
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype = jdbc
org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
+{{/*
################################################################################
#
# ============LICENSE_START=======================================================
# ============LICENSE_END=========================================================
#
################################################################################
+*/}}
# Common pattern layout for appenders
log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
---
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
name: onap-sdnc-data-properties
- mountPath: /config/sdnc-svclogic-config
name: onap-sdnc-svclogic-config
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{.Values.config.mariadbGaleraContName}}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
- image: "busybox"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}"]
volumeMounts:
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /opt/appc/bin/startODL.sh
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
centralizedLoggingEnabled: false
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
#################################################################
flavor: small
# application image
-repository: nexus3.onap.org:10001
image: onap/appc-image:1.7.2
pullPolicy: Always
dmaapServicePassword: onapappc
appc-ansible-server:
+ enabled: true
service:
name: appc-ansible-server
internalPort: 8000
config:
mysqlServiceName: appc-dbhost
+appc-cdt:
+ enabled: true
+
mariadb-galera:
nameOverride: appc-db
config:
dgbuilder:
nameOverride: appc-dgbuilder
+ certInitializer:
+ nameOverride: appc-dgbuilder-cert-initializer
config:
db:
rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright (c) 2019 IBM, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-#
-# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Web server config
-### START -Controller Blueprints Properties
-# Load Resource Source Mappings
-resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability
-
-# Blueprint Processor File Execution and Handling Properties
-blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy
-blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive
-blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/working
-
-# blueprints.load.initial-data may be overridden by ENV variables
-blueprintsprocessor.loadInitialData=true
-blueprintsprocessor.loadBluePrint=true
-blueprintsprocessor.loadBluePrintPaths=/opt/app/onap/model-catalog/blueprint-model/service-blueprint
-blueprintsprocessor.loadModelType=true
-blueprintsprocessor.loadModeTypePaths=/opt/app/onap/model-catalog/definition-type/starter-type
-blueprintsprocessor.loadResourceDictionary=true
-blueprintsprocessor.loadResourceDictionaryPaths=/opt/app/onap/model-catalog/resource-dictionary/starter-dictionary
-
-# CBA file extension
-controllerblueprints.loadCbaExtension=zip
-
-### END -Controller Blueprints Properties
-
-blueprintsprocessor.grpcEnable=true
-blueprintsprocessor.httpPort=8080
-blueprintsprocessor.grpcPort=9111
-
-# db
-blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
-blueprintsprocessor.db.username=${CDS_DB_USERNAME}
-blueprintsprocessor.db.password=${CDS_DB_PASSWORD}
-blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
-blueprintsprocessor.db.hibernateHbm2ddlAuto=update
-blueprintsprocessor.db.hibernateDDLAuto=update
-blueprintsprocessor.db.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy
-blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect
-
-# processor-db endpoint
-blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{ .Values.config.sdncDB.dbService }}:{{ .Values.config.sdncDB.dbPort }}/{{.Values.config.sdncDB.dbName}}
-blueprintsprocessor.db.processor-db.username=${SDNC_DB_USERNAME}
-blueprintsprocessor.db.processor-db.password=${SDNC_DB_PASSWORD}
-
-# Python executor
-blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
-blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf,/opt/app/onap/scripts/jython/ccsdk_restconf
-
-security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
-security.user.name: ccsdkapps
-
-# Error Managements
-error.catalog.applicationId=cds
-error.catalog.type=properties
-error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config
-
-# SDN-C's ODL Restconf Connection Details
-blueprintsprocessor.restconfEnabled=true
-blueprintsprocessor.restclient.sdncodl.type=basic-auth
-blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/
-blueprintsprocessor.restclient.sdncodl.username=admin
-blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-# Executor Options
-blueprintprocessor.resourceResolution.enabled=true
-blueprintprocessor.netconfExecutor.enabled=true
-blueprintprocessor.restConfExecutor.enabled=true
-blueprintprocessor.remoteScriptCommand.enabled=true
-blueprintsprocessor.remote-script-command.response.log.enabled=false
-
-# Command executor
-blueprintsprocessor.grpcclient.remote-python.type=token-auth
-blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor
-blueprintsprocessor.grpcclient.remote-python.port=50051
-blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052
-blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem
-blueprintsprocessor.grpcclient.py-executor.type=tls-auth
-# Config Data REST client settings
-blueprintsprocessor.restclient.sdnc.type=basic-auth
-blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}
-blueprintsprocessor.restclient.sdnc.username=admin
-blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-# AAI Data REST Client settings
-blueprintsprocessor.restclient.aai-data.type=basic-auth
-blueprintsprocessor.restclient.aai-data.url=https://aai:8443
-blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
-blueprintsprocessor.restclient.aai-data.password=demo123456!
-blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
-blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id
-blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
-
-# Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
-blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092
-blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group
-blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer
-blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
-
-# Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
-
-# Kafka Audit Service Configurations
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
-
-# Executor Options
-blueprintsprocessor.resourceResolution.enabled=true
-blueprintsprocessor.netconfExecutor.enabled=true
-blueprintsprocessor.restConfExecutor.enabled=true
-blueprintsprocessor.cliExecutor.enabled=true
-blueprintsprocessor.remoteScriptCommand.enabled=true
-## Enable py-executor
-blueprintsprocessor.streamingRemoteExecution.enabled=true
-
-# Used in Health Check
-blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
-
-
-#Encrypted username and password for health check service
-endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ==
-endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
-
-#BaseUrls for health check blueprint processor services
-blueprintprocessor.healthcheck.baseUrl=http://localhost:8080/
-blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check]
-
-#BaseUrls for health check Cds Listener services
-cdslistener.healthcheck.baseUrl=http://cds-sdc-listener:8080/
-cdslistener.healthcheck.mapping-service-name-with-service-link=[SDC Listener service,/api/v1/sdclistener/healthcheck]
-
-#Actuator properties
-management.endpoints.web.exposure.include=*
-management.endpoint.health.show-details=always
+++ /dev/null
-#
-# Copyright © 2020 IBM, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
-org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
-org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
-org.onap.ccsdk.cds.blueprintsprocessor.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
-org.onap.ccsdk.cds.blueprintsprocessor.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
-org.onap.ccsdk.cds.blueprintsprocessor.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
-org.onap.ccsdk.cds.blueprintsprocessor.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
-org.onap.ccsdk.cds.blueprintsprocessor.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
-org.onap.ccsdk.cds.blueprintsprocessor.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
-
-# Self Service API
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_failure=cause=Internal error in Self Service API.,action=Verify the request and try again.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_process_failure=cause=Internal error while processing REST call to the Self Service API.,action=Verify the request and try again.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
-org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
-
-# Designer API
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.generic_failure=cause=Internal error while processing REST call to the Designer API.,action=Verify the request and try again.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
-org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
-
-# Resource API
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.generic_failure=cause=Internal error while processing REST call to the Resource API.,action=Verify the request and try again.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
-
-
-# Configs API
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.generic_failure=cause=Internal error while processing REST call to the Configs API.,action=Verify the request and try again.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
-org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
-
-# Python Executor
-org.onap.ccsdk.cds.blueprintsprocessor.functions.python.executor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
-
-# Resource resolution
-org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.resource_not_found=cause=No response was found for this resolution in CDS.,action=Verify definition of the resource in CBA.
-org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.internal_error=cause=Internal error while processing Resource Resolution.,action=Verify the payload.
-
-org.onap.ccsdk.cds.sdclistener.generic_failure=cause=Internal error in SDC Listener.,action=Contact CDS administrator team.
+++ /dev/null
-<!--
- ~ Copyright (c) 2017-2018 AT&T Intellectual Property.
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<configuration>
-
- <property name="localPattern" value="%d{HH:mm:ss.SSS} %-5level %logger{100} - %msg%n" />
-
- <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
-
- <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|[%caller{3}]| %msg%n" />
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <!-- encoders are assigned the type
- ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- </appender>
-
- <logger name="org.springframework" level="info"/>
- <logger name="org.springframework.web" level="info"/>
- <logger name="org.springframework.security.web.authentication" level="warn"/>
- <logger name="org.hibernate" level="error"/>
- <logger name="org.onap.ccsdk.cds" level="info"/>
-
- <root level="info">
- <appender-ref ref="STDOUT"/>
- </root>
-
-</configuration>
+++ /dev/null
-# Copyright (c) 2019 IBM, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright (c) 2019 IBM, Bell Canada
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- strategy:
- type: RollingUpdate
- rollingUpdate:
- # This allow a new pod to be ready before terminating the old one
- # causing no downtime when replicas is set to 1
- maxUnavailable: 0
-
- # maxSurge to 1 is very important for the hazelcast integration
- # we only want one pod at a time to restart not multiple
- # and break the hazelcast cluster. We should not use % maxSurge value
- # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
- maxSurge: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${SDNC_DB_USERNAME},${SDNC_DB_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
- env:
- - name: CDS_DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
- - name: CDS_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
- - name: SDNC_DB_USERNAME
- value: root
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-db-root-pass" "key" "password") | indent 10}}
- volumeMounts:
- - mountPath: /config-input/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- - mountPath: /config
- name: processed-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - cds-db
- {{- if .Values.dmaapEnabled }}
- - --container-name
- - message-router
- {{ end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: fix-permission
- command:
- - chown
- - -R
- - 1000:1000
- - /opt/app/onap/blueprints/deploy
- image: busybox:latest
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.persistence.deployedBlueprint }}
- name: {{ include "common.fullname" . }}-blueprints
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: APP_CONFIG_HOME
- value: {{ .Values.config.appConfigDir }}
- - name: USE_SCRIPT_COMPILE_CACHE
- value: {{ .Values.config.useScriptCompileCache | quote }}
- # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
- - name: CLUSTER_ENABLED
- value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- - name: CLUSTER_ID
- value: {{ .Values.cluster.clusterName }}
- - name: CLUSTER_NODE_ID
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: CLUSTER_CONFIG_FILE
- value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
- ports:
- - containerPort: {{ .Values.service.http.internalPort }}
- - containerPort: {{ .Values.service.grpc.internalPort }}
- - containerPort: {{ .Values.service.cluster.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
- httpHeaders:
- - name: Authorization
- value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
- httpHeaders:
- - name: Authorization
- value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.appConfigDir }}/application.properties
- name: processed-config
- subPath: application.properties
- - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties
- name: {{ include "common.fullname" . }}-config
- subPath: error-messages_en.properties
- - mountPath: {{ .Values.config.appConfigDir }}/logback.xml
- name: {{ include "common.fullname" . }}-config
- subPath: logback.xml
- - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
- name: {{ include "common.fullname" . }}-config
- subPath: hazelcast.yaml
-
- - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-config
- subPath: ONAP_RootCA.cer
-
- - mountPath: {{ .Values.persistence.deployedBlueprint }}
- name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: application.properties
- path: application.properties
- - key: error-messages_en.properties
- path: error-messages_en.properties
- - key: logback.xml
- path: logback.xml
- - key: hazelcast.yaml
- path: hazelcast.yaml
- - key: ONAP_RootCA.cer
- path: ONAP_RootCA.cer
- - name: {{ include "common.fullname" . }}-blueprints
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-cds-blueprints
- - name: processed-config
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright (c) 2019 IBM, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-http
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.http.type }}
- ports:
- - port: {{ .Values.service.http.externalPort }}
- targetPort: {{ .Values.service.http.internalPort }}
- {{- if eq .Values.service.http.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
- {{- end}}
- name: {{ .Values.service.http.portName | default "http" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-grpc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.grpc.type }}
- ports:
- - port: {{ .Values.service.grpc.externalPort }}
- targetPort: {{ .Values.service.grpc.internalPort }}
- name: {{ .Values.service.grpc.portName | default "grpc" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-cluster
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.cluster.type }}
- ports:
- - port: {{ .Values.service.cluster.externalPort }}
- targetPort: {{ .Values.service.cluster.internalPort }}
- {{- if eq .Values.service.cluster.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
- {{- end}}
- name: {{ .Values.service.cluster.portName | default "cluster" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (c) 2019 IBM, Bell Canada
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefixExt: 304
-
- # image repositories
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # image pull policy
- pullPolicy: Always
-
- persistence:
- mountPath: /dockerdata-nfs
-
- # envsusbt
- envsubstImage: dibi/envsubst
-
- #This configuration specifies Service and port for SDNC OAM interface
- sdncOamService: sdnc-oam
- sdncOamPort: 8282
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: 'cds-db-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
- login: '{{ .Values.config.cdsDB.dbUser }}'
- password: '{{ .Values.config.cdsDB.dbPassword }}'
- passwordPolicy: required
- - uid: 'sdnc-db-root-pass'
- type: password
- externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
- password: '{{ .Values.config.sdncDB.dbRootPass }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.5
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- appConfigDir: /opt/app/onap/config
- useScriptCompileCache: false
- sdncDB:
- dbService: mariadb-galera
- dbPort: 3306
- dbName: sdnctl
- #dbRootPass: Custom root password
- dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
- cdsDB:
- dbServer: cds-db
- dbPort: 3306
- dbName: sdnctl
- # dbUser: sdnctl
- # dbPassword: sdnctl
- # dbCredsExternalSecret: <some secret name>
- # dbRootPassword: password
- # dbRootPassExternalSecret
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
-# custom kafka cluster.
-dmaapEnabled: true
-
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 20
- timeoutSeconds: 20
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
- timeoutSeconds: 20
-
-service:
- http:
- type: ClusterIP
- portName: blueprints-processor-http
- internalPort: 8080
- externalPort: 8080
- grpc:
- type: ClusterIP
- portName: blueprints-processor-grpc
- internalPort: 9111
- externalPort: 9111
- cluster:
- type: ClusterIP
- portName: blueprints-processor-cluster
- internalPort: 5701
- externalPort: 5701
-
-persistence:
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteMany
- size: 2Gi
- enabled: true
- mountSubPath: cds/blueprints/deploy
- deployedBlueprint: /opt/app/onap/blueprints/deploy
-
-cluster:
- # Cannot have cluster enabled if the replicaCount is not at least 3
- # AND config value useScriptCompileCache is not set to false
- enabled: true
-
- clusterName: cds-cluster
-
- # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
- # between 3 and 7 only.
- groupSize: 3
-
-ingress:
- enabled: false
- service:
- - baseaddr: "blueprintsprocessorhttp"
- name: "cds-blueprints-processor-http"
- port: 8080
- config:
- ssl: "none"
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - cds-blueprints-processor
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.grpc.internalPort }}
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.grpc.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.grpc.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.persistence.deployedBlueprint }}
- name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-blueprints
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-cds-blueprints
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.grpc.externalPort }}
- targetPort: {{ .Values.service.grpc.internalPort }}
- {{- if eq .Values.service.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- end}}
- name: {{ .Values.service.grpc.portName | default "grpc" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Modifications Copyright (c) 2019 Bell Canada.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # image pull policy
- pullPolicy: Always
-
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.5
-pullPolicy: Always
-
-# application configuration
-config:
- basicAuth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 20
- timeoutSeconds: 20
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 20
-
-service:
- type: ClusterIP
- grpc:
- portName: command-executor-grpc
- internalPort: 50051
- externalPort: 50051
-
-persistence:
- enabled: true
- mountSubPath: cds/blueprints/deploy
- deployedBlueprint: /opt/app/onap/blueprints/deploy
-
-ingress:
- enabled: false
-
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright (c) 2020 Bell Canada, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2020 Bell Canada, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command:
- - bash
- args:
- - '-c'
- - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{- include "common.containerPorts" . | nindent 12 }}
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- - name: APP_PORT
- value: {{ .Values.config.appPort }}
- - name: AUTH_TYPE
- value: {{ .Values.config.authType }}
- - name: API_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
- - name: API_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
- - name: LOG_FILE
- value: {{ .Values.config.logFile }}
- - name: ARTIFACT_MANAGER_PORT
- value: {{ .Values.config.artifactManagerPort }}
- - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
- value: {{ .Values.config.artifactManagerLogFile }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.persistence.deployedBlueprint }}
- name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- # Py executor shares the blueprintsprocessor storage (for now) to
- # share uploaded CBA files. In the future it will be deprecated
- # when all parts of the CDS will make use of Artifact Manager
- - name: {{ include "common.fullname" . }}-blueprints
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-cds-blueprints
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2020 Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2020 Bell Canada, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.service" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2020 Bell Canada, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific lan`guage governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # image pull policy
- pullPolicy: Always
-
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-py-executor:0.7.5
-pullPolicy: Always
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- port: 50052
- initialDelaySeconds: 20
- periodSeconds: 20
- timeoutSeconds: 20
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- port: 50052
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 20
-
-service:
- type: ClusterIP
- ports:
- - port: 50052
- name: executor-grpc
- - port: 50053
- name: manager-grpc
-
-secrets:
- - uid: api-credentials
- externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
- type: basicAuth
- login: '{{ .Values.config.apiUsername }}'
- password: '{{ .Values.config.apiPassword }}'
- passwordPolicy: required
-
-config:
- # the api credentials below are used to authenticate communication with blueprint
- # processor API. Py executor in this context is a client of the blueprint processor
- apiUsername: ccsdkapps
- apiPassword: ccsdkapps
- env:
- appPort: 50052
- authType: tls-auth
- logFile: /dev/stdout
- artifactManagerPort: 50053
- artifactManagerLogFile: /dev/stdout
-
-persistence:
- enabled: true
- mountSubPath: cds/blueprints/deploy
- deployedBlueprint: /opt/app/onap/blueprints/deploy
-
-ingress:
- enabled: false
-
-flavor: small
-
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-<!--
- ~ Copyright (c) 2019 Bell Canada
- ~
- ~ Licensed under the Apache License, Version 2.0 (the "License");
- ~ you may not use this file except in compliance with the License.
- ~ You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing, software
- ~ distributed under the License is distributed on an "AS IS" BASIS,
- ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ~ See the License for the specific language governing permissions and
- ~ limitations under the License.
- -->
-
-<configuration>
-
- <property name="localPattern" value="%d{HH:mm:ss.SSS} %-5level %logger{100} - %msg%n" />
-
- <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
-
- <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|[%caller{3}]| %msg%n" />
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <!-- encoders are assigned the type
- ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- </appender>
-
- <logger name="org.springframework" level="info"/>
- <logger name="org.springframework.web" level="info"/>
- <logger name="org.springframework.security.web.authentication" level="warn"/>
- <logger name="org.hibernate" level="error"/>
- <logger name="org.onap.ccsdk.cds" level="info"/>
-
- <root level="warn">
- <appender-ref ref="STDOUT"/>
- </root>
-
-</configuration>
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-be
- - --container-name
- - message-router
- - --container-name
- - cds-blueprints-processor
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: APP_CONFIG_HOME
- value: {{ .Values.config.appConfigDir }}
- ports:
- - containerPort: {{ .Values.service.http.internalPort }}
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/v1/sdclistener/healthcheck
- port: {{ .Values.service.http.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{end}}
- readinessProbe:
- httpGet:
- path: /api/v1/sdclistener/healthcheck
- port: {{ .Values.service.http.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: {{ .Values.config.appConfigDir }}/application.yaml
- name: {{ include "common.fullname" . }}-config
- subPath: application.yaml
- - mountPath: {{ .Values.config.appConfigDir }}/logback.xml
- name: {{ include "common.fullname" . }}-config
- subPath: logback.xml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: application.yaml
- path: application.yaml
- - key: logback.xml
- path: logback.xml
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.http.externalPort }}
- targetPort: {{ .Values.service.http.internalPort }}
- {{- if eq .Values.service.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- end}}
- name: {{ .Values.service.http.portName | default "http" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # image pull policy
- pullPolicy: Always
-
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.5
-name: sdc-listener
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- appConfigDir: /opt/app/onap/config
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- http:
- portName: cds-sdc-listener-http
- internalPort: 8080
- externalPort: 8080
-
-persistence:
- enabled: true
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
-# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# Copyright (c) 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Orange
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.fullname" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- env:
- - name: HOST
- value: 0.0.0.0
- - name: APP_ACTION_DEPLOY_BLUEPRINT_GRPC_ENABLED
- value: "{{ .Values.config.app.action.deployBlueprint.grpcEnabled }}"
- - name: API_BLUEPRINT_CONTROLLER_HTTP_BASE_URL
- value: {{ .Values.config.api.controller.http.baseUrl }}
- - name: API_BLUEPRINT_CONTROLLER_HTTP_AUTH_TOKEN
- value: {{ .Values.config.api.controller.http.authToken }}
- - name: API_BLUEPRINT_PROCESSOR_HTTP_BASE_URL
- value: {{ .Values.config.api.processor.http.baseUrl }}
- - name: API_BLUEPRINT_PROCESSOR_HTTP_AUTH_TOKEN
- value: {{ .Values.config.api.processor.http.authToken }}
- - name: API_BLUEPRINT_PROCESSOR_GRPC_HOST
- value: {{ .Values.config.api.processor.grpc.host }}
- - name: API_BLUEPRINT_PROCESSOR_GRPC_PORT
- value: "{{ .Values.config.api.processor.grpc.port }}"
- - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
- value: {{ .Values.config.api.processor.grpc.authToken }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.internalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Orange
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:1.1.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.5
-pullPolicy: Always
-
-# application configuration
-config:
- app:
- action:
- deployBlueprint:
- grpcEnabled: true
- api:
- controller:
- http:
- baseUrl: http://cds-blueprints-processor-http:8081/api/v1
- authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- processor:
- http:
- baseUrl: http://cds-blueprints-processor-http:8080/api/v1
- authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- grpc:
- host: cds-blueprints-processor-grpc
- port: 9111
- authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- httpGet:
- path: /
- port: 3000
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- httpGet:
- path: /ping
- port: 3000
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: NodePort
- portName: cds-ui
- name: cds-ui
- nodePort: 97
- internalPort: 3000
-
-ingress:
- enabled: false
- service:
- - baseaddr: "cdsui"
- name: "cds-ui"
- port: 3000
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 200m
- memory: 200Mi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (c) 2019 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+#
+# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Web server config
+### START -Controller Blueprints Properties
+# Load Resource Source Mappings
+*/}}
+resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability
+
+# Blueprint Processor File Execution and Handling Properties
+blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy
+blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive
+blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/working
+
+# blueprints.load.initial-data may be overridden by ENV variables
+blueprintsprocessor.loadInitialData=true
+blueprintsprocessor.loadBluePrint=true
+blueprintsprocessor.loadBluePrintPaths=/opt/app/onap/model-catalog/blueprint-model/service-blueprint
+blueprintsprocessor.loadModelType=true
+blueprintsprocessor.loadModeTypePaths=/opt/app/onap/model-catalog/definition-type/starter-type
+blueprintsprocessor.loadResourceDictionary=true
+blueprintsprocessor.loadResourceDictionaryPaths=/opt/app/onap/model-catalog/resource-dictionary/starter-dictionary
+
+# CBA file extension
+controllerblueprints.loadCbaExtension=zip
+
+### END -Controller Blueprints Properties
+
+blueprintsprocessor.grpcEnable=true
+blueprintsprocessor.httpPort=8080
+blueprintsprocessor.grpcPort=9111
+
+# db
+blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
+blueprintsprocessor.db.username=${CDS_DB_USERNAME}
+blueprintsprocessor.db.password=${CDS_DB_PASSWORD}
+blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
+blueprintsprocessor.db.hibernateHbm2ddlAuto=update
+blueprintsprocessor.db.hibernateDDLAuto=update
+blueprintsprocessor.db.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy
+blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect
+
+# processor-db endpoint
+blueprintsprocessor.db.processor-db.type=maria-db
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{ .Values.config.sdncDB.dbService }}:{{ .Values.config.sdncDB.dbPort }}/{{.Values.config.sdncDB.dbName}}
+blueprintsprocessor.db.processor-db.username=${SDNC_DB_USERNAME}
+blueprintsprocessor.db.processor-db.password=${SDNC_DB_PASSWORD}
+
+# Python executor
+blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
+blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf,/opt/app/onap/scripts/jython/ccsdk_restconf
+
+security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
+security.user.name: ccsdkapps
+
+# Error Managements
+error.catalog.applicationId=cds
+error.catalog.type=properties
+error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config
+
+# SDN-C's ODL Restconf Connection Details
+blueprintsprocessor.restconfEnabled=true
+blueprintsprocessor.restclient.sdncodl.type=basic-auth
+blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/
+blueprintsprocessor.restclient.sdncodl.username=admin
+blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+# Executor Options
+blueprintprocessor.resourceResolution.enabled=true
+blueprintprocessor.netconfExecutor.enabled=true
+blueprintprocessor.restConfExecutor.enabled=true
+blueprintprocessor.remoteScriptCommand.enabled=true
+blueprintsprocessor.remote-script-command.response.log.enabled=false
+
+# Command executor
+blueprintsprocessor.grpcclient.remote-python.type=token-auth
+blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor
+blueprintsprocessor.grpcclient.remote-python.port=50051
+blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052
+blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem
+blueprintsprocessor.grpcclient.py-executor.type=tls-auth
+# Config Data REST client settings
+blueprintsprocessor.restclient.sdnc.type=basic-auth
+blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}
+blueprintsprocessor.restclient.sdnc.username=admin
+blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+# AAI Data REST Client settings
+blueprintsprocessor.restclient.aai-data.type=basic-auth
+blueprintsprocessor.restclient.aai-data.url=https://aai:8443
+blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
+blueprintsprocessor.restclient.aai-data.password=demo123456!
+blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
+blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id
+blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
+
+# Self Service Request Kafka Message Consumer
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
+blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092
+blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group
+blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer
+blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+
+# Self Service Response Kafka Message Producer
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+
+# Kafka Audit Service Configurations
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+
+# Executor Options
+blueprintsprocessor.resourceResolution.enabled=true
+blueprintsprocessor.netconfExecutor.enabled=true
+blueprintsprocessor.restConfExecutor.enabled=true
+blueprintsprocessor.cliExecutor.enabled=true
+blueprintsprocessor.remoteScriptCommand.enabled=true
+## Enable py-executor
+blueprintsprocessor.streamingRemoteExecution.enabled=true
+
+# Used in Health Check
+blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
+blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
+blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
+
+
+#Encrypted username and password for health check service
+endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ==
+endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
+
+#BaseUrls for health check blueprint processor services
+blueprintprocessor.healthcheck.baseUrl=http://localhost:8080/
+blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check]
+
+#BaseUrls for health check Cds Listener services
+cdslistener.healthcheck.baseUrl=http://cds-sdc-listener:8080/
+cdslistener.healthcheck.mapping-service-name-with-service-link=[SDC Listener service,/api/v1/sdclistener/healthcheck]
+
+#Actuator properties
+management.endpoints.web.exposure.include=*
+management.endpoint.health.show-details=always
+
+#K8s Plugin properties
+#Credentials are placeholders as k8s plugin has not authentication atm
+blueprintprocessor.k8s.plugin.username=unused
+blueprintprocessor.k8s.plugin.password=unused
+blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/
--- /dev/null
+{{/*
+#
+# Copyright © 2020 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Self Service API
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_failure=cause=Internal error in Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_process_failure=cause=Internal error while processing REST call to the Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Designer API
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.generic_failure=cause=Internal error while processing REST call to the Designer API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Resource API
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.generic_failure=cause=Internal error while processing REST call to the Resource API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+
+# Configs API
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.generic_failure=cause=Internal error while processing REST call to the Configs API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+
+# Python Executor
+org.onap.ccsdk.cds.blueprintsprocessor.functions.python.executor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+
+# Resource resolution
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.resource_not_found=cause=No response was found for this resolution in CDS.,action=Verify definition of the resource in CBA.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.internal_error=cause=Internal error while processing Resource Resolution.,action=Verify the payload.
+
+org.onap.ccsdk.cds.sdclistener.generic_failure=cause=Internal error in SDC Listener.,action=Contact CDS administrator team.
--- /dev/null
+<!--
+ ~ Copyright (c) 2017-2018 AT&T Intellectual Property.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<configuration>
+
+ <property name="localPattern" value="%d{HH:mm:ss.SSS} %-5level %logger{100} - %msg%n" />
+
+ <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
+
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|[%caller{3}]| %msg%n" />
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- encoders are assigned the type
+ ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+ <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+ <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+ <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+ <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
+
+ <root level="{{ .Values.logback.rootLogLevel }}">
+ <appender-ref ref="STDOUT"/>
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# Copyright (c) 2019 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ # This allow a new pod to be ready before terminating the old one
+ # causing no downtime when replicas is set to 1
+ maxUnavailable: 0
+
+ # maxSurge to 1 is very important for the hazelcast integration
+ # we only want one pod at a time to restart not multiple
+ # and break the hazelcast cluster. We should not use % maxSurge value
+ # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${SDNC_DB_USERNAME},${SDNC_DB_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: CDS_DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
+ - name: CDS_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
+ - name: SDNC_DB_USERNAME
+ value: root
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-db-root-pass" "key" "password") | indent 10}}
+ volumeMounts:
+ - mountPath: /config-input/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /config
+ name: processed-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - cds-db
+ {{- if .Values.dmaapEnabled }}
+ - --container-name
+ - message-router
+ {{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: fix-permission
+ command:
+ - chown
+ - -R
+ - 1000:1000
+ - /opt/app/onap/blueprints/deploy
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: APP_CONFIG_HOME
+ value: {{ .Values.config.appConfigDir }}
+ - name: USE_SCRIPT_COMPILE_CACHE
+ value: {{ .Values.config.useScriptCompileCache | quote }}
+ # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
+ - name: CLUSTER_ENABLED
+ value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ - name: CLUSTER_ID
+ value: {{ .Values.cluster.clusterName }}
+ - name: CLUSTER_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: CLUSTER_CONFIG_FILE
+ value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ ports:
+ - containerPort: {{ .Values.service.http.internalPort }}
+ - containerPort: {{ .Values.service.grpc.internalPort }}
+ - containerPort: {{ .Values.service.cluster.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/v1/execution-service/health-check
+ port: {{ .Values.service.http.internalPort }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /api/v1/execution-service/health-check
+ port: {{ .Values.service.http.internalPort }}
+ httpHeaders:
+ - name: Authorization
+ value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.config.appConfigDir }}/application.properties
+ name: processed-config
+ subPath: application.properties
+ - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: error-messages_en.properties
+ - mountPath: {{ .Values.config.appConfigDir }}/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ name: {{ include "common.fullname" . }}-config
+ subPath: hazelcast.yaml
+
+ - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
+ name: {{ include "common.fullname" . }}-config
+ subPath: ONAP_RootCA.cer
+
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: application.properties
+ path: application.properties
+ - key: error-messages_en.properties
+ path: error-messages_en.properties
+ - key: logback.xml
+ path: logback.xml
+ - key: hazelcast.yaml
+ path: hazelcast.yaml
+ - key: ONAP_RootCA.cer
+ path: ONAP_RootCA.cer
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ - name: processed-config
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2019 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-http
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.http.type }}
+ ports:
+ - port: {{ .Values.service.http.externalPort }}
+ targetPort: {{ .Values.service.http.internalPort }}
+ {{- if eq .Values.service.http.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.http.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-grpc
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.grpc.type }}
+ ports:
+ - port: {{ .Values.service.grpc.externalPort }}
+ targetPort: {{ .Values.service.grpc.internalPort }}
+ name: {{ .Values.service.grpc.portName | default "grpc" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-cluster
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.cluster.type }}
+ ports:
+ - port: {{ .Values.service.cluster.externalPort }}
+ targetPort: {{ .Values.service.cluster.internalPort }}
+ {{- if eq .Values.service.cluster.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.cluster.portName | default "cluster" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefixExt: 304
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'cds-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cdsDB.dbUser }}'
+ password: '{{ .Values.config.cdsDB.dbPassword }}'
+ passwordPolicy: required
+ - uid: 'sdnc-db-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
+ password: '{{ .Values.config.sdncDB.dbRootPass }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/ccsdk-blueprintsprocessor:1.0.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ appConfigDir: /opt/app/onap/config
+ useScriptCompileCache: false
+ sdncDB:
+ dbService: mariadb-galera
+ dbPort: 3306
+ dbName: sdnctl
+ #dbRootPass: Custom root password
+ dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}'
+ cdsDB:
+ dbServer: cds-db
+ dbPort: 3306
+ dbName: sdnctl
+ dbUser: sdnctl
+ dbPassword: sdnctl
+ # dbCredsExternalSecret: <some secret name>
+ # dbRootPassword: password
+ # dbRootPassExternalSecret
+
+# default number of instances
+replicaCount: 3
+
+nodeSelector: {}
+
+affinity: {}
+
+# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
+# custom kafka cluster.
+dmaapEnabled: true
+
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ http:
+ type: ClusterIP
+ portName: blueprints-processor-http
+ internalPort: 8080
+ externalPort: 8080
+ grpc:
+ type: ClusterIP
+ portName: blueprints-processor-grpc
+ internalPort: 9111
+ externalPort: 9111
+ cluster:
+ type: ClusterIP
+ portName: blueprints-processor-cluster
+ internalPort: 5701
+ externalPort: 5701
+
+persistence:
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteMany
+ size: 2Gi
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+cluster:
+ # Cannot have cluster enabled if the replicaCount is not at least 3
+ # AND config value useScriptCompileCache is not set to false
+ enabled: true
+
+ clusterName: cds-cluster
+
+ # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
+ # between 3 and 7 only.
+ groupSize: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "blueprintsprocessorhttp"
+ name: "cds-blueprints-processor-http"
+ port: 8080
+ config:
+ ssl: "none"
+
+logback:
+ rootLogLevel: INFO
+ logger:
+ springframework: INFO
+ springframeworkWeb: INFO
+ springframeworkSecurityWebauthentication: INFO
+ hibernate: INFO
+ onapCcsdkCds: INFO
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - cds-blueprints-processor
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.grpc.internalPort }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.grpc.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.grpc.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.grpc.externalPort }}
+ targetPort: {{ .Values.service.grpc.internalPort }}
+ {{- if eq .Values.service.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.grpc.portName | default "grpc" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Modifications Copyright (c) 2019 Bell Canada.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/ccsdk-commandexecutor:1.0.3
+pullPolicy: Always
+
+# application configuration
+config:
+ basicAuth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ grpc:
+ portName: command-executor-grpc
+ internalPort: 50051
+ externalPort: 50051
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'AUTH_TOKEN=`echo -n $API_USERNAME:$API_PASSWORD | base64` /opt/app/onap/python/start.sh'
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: APP_PORT
+ value: {{ .Values.config.appPort }}
+ - name: AUTH_TYPE
+ value: {{ .Values.config.authType }}
+ - name: API_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "login") | nindent 12 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-credentials" "key" "password") | nindent 12 }}
+ - name: LOG_FILE
+ value: {{ .Values.config.logFile }}
+ - name: ARTIFACT_MANAGER_PORT
+ value: {{ .Values.config.artifactManagerPort }}
+ - name: ARTIFACT_MANAGER_SERVER_LOG_FILE
+ value: {{ .Values.config.artifactManagerLogFile }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ # Py executor shares the blueprintsprocessor storage (for now) to
+ # share uploaded CBA files. In the future it will be deprecated
+ # when all parts of the CDS will make use of Artifact Manager
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ include "common.release" . }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2020 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2020 Bell Canada, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific lan`guage governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/ccsdk-py-executor:1.0.3
+pullPolicy: Always
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ port: 50052
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ timeoutSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ port: 50052
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 20
+
+service:
+ type: ClusterIP
+ ports:
+ - port: 50052
+ name: executor-grpc
+ - port: 50053
+ name: manager-grpc
+
+secrets:
+ - uid: api-credentials
+ externalSecret: '{{ tpl (default "" .Values.config.authCredentialsExternalSecret) . }}'
+ type: basicAuth
+ login: '{{ .Values.config.apiUsername }}'
+ password: '{{ .Values.config.apiPassword }}'
+ passwordPolicy: required
+
+config:
+ # the api credentials below are used to authenticate communication with blueprint
+ # processor API. Py executor in this context is a client of the blueprint processor
+ apiUsername: ccsdkapps
+ apiPassword: ccsdkapps
+ env:
+ appPort: 50052
+ authType: tls-auth
+ logFile: /dev/stdout
+ artifactManagerPort: 50053
+ artifactManagerLogFile: /dev/stdout
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+<!--
+ ~ Copyright (c) 2019 Bell Canada
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<configuration>
+
+ <property name="localPattern" value="%d{HH:mm:ss.SSS} %-5level %logger{100} - %msg%n" />
+
+ <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
+
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|[%caller{3}]| %msg%n" />
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- encoders are assigned the type
+ ch.qos.logback.classic.encoder.PatternLayoutEncoder by default -->
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="org.springframework" level="{{ .Values.logback.logger.springframework }}"/>
+ <logger name="org.springframework.web" level="{{ .Values.logback.logger.springframeworkWeb }}"/>
+ <logger name="org.springframework.security.web.authentication" level="{{ .Values.logback.logger.springframeworkSecurityWebauthentication }}"/>
+ <logger name="org.hibernate" level="{{ .Values.logback.logger.hibernate }}"/>
+ <logger name="org.onap.ccsdk.cds" level="{{ .Values.logback.logger.onapCcsdkCds }}"/>
+
+ <root level="{{ .Values.logback.rootLogLevel }}">
+ <appender-ref ref="STDOUT"/>
+ </root>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - sdc-be
+ - --container-name
+ - message-router
+ - --container-name
+ - cds-blueprints-processor
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: APP_CONFIG_HOME
+ value: {{ .Values.config.appConfigDir }}
+ ports:
+ - containerPort: {{ .Values.service.http.internalPort }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/v1/sdclistener/healthcheck
+ port: {{ .Values.service.http.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{end}}
+ readinessProbe:
+ httpGet:
+ path: /api/v1/sdclistener/healthcheck
+ port: {{ .Values.service.http.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: {{ .Values.config.appConfigDir }}/application.yaml
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.yaml
+ - mountPath: {{ .Values.config.appConfigDir }}/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: application.yaml
+ path: application.yaml
+ - key: logback.xml
+ path: logback.xml
+ imagePullSecrets:
+ - name: {{ include "common.namespace" . }}-docker-registry-key
--- /dev/null
+{{/*
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.http.externalPort }}
+ targetPort: {{ .Values.service.http.internalPort }}
+ {{- if eq .Values.service.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.http.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/ccsdk-sdclistener:1.0.3
+name: sdc-listener
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ appConfigDir: /opt/app/onap/config
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ http:
+ portName: cds-sdc-listener-http
+ internalPort: 8080
+ externalPort: 8080
+
+persistence:
+ enabled: true
+
+ingress:
+ enabled: false
+
+logback:
+ rootLogLevel: INFO
+ logger:
+ springframework: INFO
+ springframeworkWeb: INFO
+ springframeworkSecurityWebauthentication: INFO
+ hibernate: INFO
+ onapCcsdkCds: INFO
+
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2018 Orange
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.fullname" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ env:
+ - name: HOST
+ value: 0.0.0.0
+ - name: APP_ACTION_DEPLOY_BLUEPRINT_GRPC_ENABLED
+ value: "{{ .Values.config.app.action.deployBlueprint.grpcEnabled }}"
+ - name: API_BLUEPRINT_CONTROLLER_HTTP_BASE_URL
+ value: {{ .Values.config.api.controller.http.baseUrl }}
+ - name: API_BLUEPRINT_CONTROLLER_HTTP_AUTH_TOKEN
+ value: {{ .Values.config.api.controller.http.authToken }}
+ - name: API_BLUEPRINT_PROCESSOR_HTTP_BASE_URL
+ value: {{ .Values.config.api.processor.http.baseUrl }}
+ - name: API_BLUEPRINT_PROCESSOR_HTTP_AUTH_TOKEN
+ value: {{ .Values.config.api.processor.http.authToken }}
+ - name: API_BLUEPRINT_PROCESSOR_GRPC_HOST
+ value: {{ .Values.config.api.processor.grpc.host }}
+ - name: API_BLUEPRINT_PROCESSOR_GRPC_PORT
+ value: "{{ .Values.config.api.processor.grpc.port }}"
+ - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
+ value: {{ .Values.config.api.processor.grpc.authToken }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.internalPort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Orange
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+
+subChartsOnly:
+ enabled: true
+
+# application image
+image: onap/ccsdk-cds-ui-server:1.0.3
+pullPolicy: Always
+
+# application configuration
+config:
+ app:
+ action:
+ deployBlueprint:
+ grpcEnabled: true
+ api:
+ controller:
+ http:
+ baseUrl: http://cds-blueprints-processor-http:8081/api/v1
+ authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ processor:
+ http:
+ baseUrl: http://cds-blueprints-processor-http:8080/api/v1
+ authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ grpc:
+ host: cds-blueprints-processor-grpc
+ port: 9111
+ authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ httpGet:
+ path: /
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ httpGet:
+ path: /ping
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: cds-ui
+ name: cds-ui
+ nodePort: 97
+ internalPort: 3000
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "cdsui"
+ name: "cds-ui"
+ port: 3000
+ config:
+ ssl: "redirect"
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ unlimited: {}
repository: '@local'
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: cds-blueprints-processor
+ version: ~6.x-0
+ repository: 'file://components/cds-blueprints-processor'
+ condition: cds-blueprints-processor.enabled
+ - name: cds-blueprints-processor
+ version: ~6.x-0
+ repository: 'file://components/cds-command-executor'
+ condition: cds-command-executor.enabled
+ - name: cds-py-executor
+ version: ~6.x-0
+ repository: 'file://components/cds-py-executor'
+ condition: cds-py-executor.enabled
+ - name: cds-sdc-listener
+ version: ~6.x-0
+ repository: 'file://components/cds-sdc-listener'
+ condition: cds-sdc-listener.enabled
+ - name: cds-ui
+ version: ~6.x-0
+ repository: 'file://components/cds-ui'
+ condition: cds-ui.enabled
\ No newline at end of file
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence:
mountPath: /dockerdata-nfs
# Application configuration defaults.
#################################################################
# application images
-repository: nexus3.onap.org:10001
pullPolicy: Always
mountSubPath: cds/data
cds-blueprints-processor:
+ enabled: true
config:
cdsDB:
dbServer: *dbServer
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
+cds-command-executor:
+ enabled: true
+
+cds-py-executor:
+ enabled: true
+
+cds-sdc-listener:
+ enabled: true
+
+cds-ui:
+ enabled: true
+
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
--- /dev/null
+components/
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
- spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }}
-
-{{ include "common.log.configMap" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - mariadb
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- # side car containers
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- # main container
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - ""
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: logs
- mountPath: {{ .Values.log.path }}
- - mountPath: /opt/clamp/sdc-controllers-config.json
- name: {{ include "common.fullname" . }}-config
- subPath: sdc-controllers-config.json
- env:
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- - name: MYSQL_DATABASE
- value: {{ tpl .Values.db.databaseName .}}
- - name: SPRING_APPLICATION_JSON
- valueFrom:
- configMapKeyRef:
- name: {{ template "common.fullname" . }}
- key: spring_application_json
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: sdc-controllers-config.json
- path: sdc-controllers-config.json
- - name: logs
- emptyDir: {}
- {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- persistence: {}
-
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
-
-flavor: small
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.7
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# log configuration
-log:
- path: /var/log/onap
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-db: {}
-
-config:
- log:
- logstashServiceName: log-ls
- logstashPort: 5044
- mysqlPassword: strong_pitchou
- dataRootDir: /dockerdata-nfs
- springApplicationJson: >
- {
- "spring.datasource.username": "${MYSQL_USER}",
- "spring.datasource.password": "${MYSQL_PASSWORD}",
- "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
- "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
- "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
- "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
- "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
- "clamp.config.dcae.deployment.userName": "none",
- "clamp.config.dcae.deployment.password": "none",
- "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969",
- "clamp.config.policy.api.userName": "healthcheck",
- "clamp.config.policy.api.password": "zb!XztG34",
- "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
- "clamp.config.policy.pap.userName": "healthcheck",
- "clamp.config.policy.pap.password": "zb!XztG34",
- "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
- }
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: clamp-backend
- portName: clamp-backend
- internalPort: 8443
- externalPort: 443
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
----
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ======================== Elasticsearch Configuration =========================
-#
-# NOTE: Elasticsearch comes with reasonable defaults for most settings.
-# Before you set out to tweak and tune the configuration, make sure you
-# understand what are you trying to accomplish and the consequences.
-#
-# The primary way of configuring a node is via this file. This template lists
-# the most important settings you may want to configure for a production cluster.
-#
-# Please consult the documentation for further information on configuration options:
-# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
-#
-# ---------------------------------- Cluster -----------------------------------
-#
-# Name of the Elasticsearch cluster.
-# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
-# The default name is elasticsearch, but you should change it to an appropriate name which describes the
-# purpose of the cluster.
-#
-## Default Elasticsearch configuration from elasticsearch-docker.
-## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
-#
-
-cluster.name: "clamp-dashboard"
-node.name: "cldash-es-node1"
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-# ----------------------------------- Paths ------------------------------------
-#
-# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
-# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
-# may change & can deal to data loss.
-path.data: /usr/share/elasticsearch/data
-#
-# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
-# as on upgrading Elasticsearch, directory structure may change.
-path.logs: /usr/share/elasticsearch/logs
-#
-# ----------------------------------- Memory -----------------------------------
-#
-# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
-# Lock the memory on startup.
-#
-bootstrap.memory_lock: false
-#
-# Make sure that the heap size is set to about half the memory available
-# on the system and that the owner of the process is allowed to use this
-# limit.
-#
-# Elasticsearch performs poorly when the system is swapping the memory.
-#
-# --------------------------------- Discovery ----------------------------------
-#
-# Pass an initial list of hosts to perform discovery when new node is started
-# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
-# that are likely to be live and contactable.
-# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
-# to connect to other nodes running on the same server.
-# # minimum_master_nodes need to be explicitly set when bound on a public IP
-# # set to 1 to allow single node clusters
-# # Details: https://github.com/elastic/elasticsearch/pull/17288
-discovery.zen.minimum_master_nodes: 1
-discovery.seed_hosts: []
-# # Breaking change in 7.0
-# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
-cluster.initial_master_nodes:
- - cldash-es-node1
-# - docker-test-node-1
-# ---------------------------------- Various -----------------------------------
-#
-# Require explicit names when deleting indices:
-#
-#action.destructive_requires_name: true
-# Set a custom port for HTTP: If required, default is 9200-9300
-# This is used for REST APIs
-http.port: {{.Values.service.externalPort}}
-# Port to bind for communication between nodes. Accepts a single value or a range.
-# If a range is specified, the node will bind to the first available port in the range.
-# Defaults to 9300-9400.
-# More info:
-transport.tcp.port: {{.Values.service.externalPort2}}
-
-######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
-# WARNING: revise all the lines below before you go into production
-opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
-opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
-opendistro_security.ssl.http.pemcert_filepath: esnode.pem
-opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.allow_unsafe_democertificates: true
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.authcz.admin_dn:
- - CN=kirk,OU=client,O=client,L=test, C=de
-
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-node.max_local_storage_nodes: 3
-######## End OpenDistro for Elasticsearch Security Demo Configuration ########
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- sysctl -w vm.max_map_count=262144
- mkdir -p /usr/share/elasticsearch/logs
- mkdir -p /usr/share/elasticsearch/data
- chmod -R 777 /usr/share/elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/elasticsearch/logs/
- - name: {{ include "common.fullname" . }}-data
- mountPath: /usr/share/elasticsearch/data/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ include "common.servicename" . }}2
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
- name: {{ include "common.fullname" . }}-config
- subPath: elasticsearch.yml
- - mountPath: /usr/share/elasticsearch/data/
- name: {{ include "common.fullname" . }}-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: elasticsearch.yml
- path: elasticsearch.yml
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-logs
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-tcp
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.config.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.config.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2020 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- persistence: {}
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 30
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 180
- periodSeconds: 30
- timeoutSeconds: 5
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 4Gi
- mountPath: /dockerdata-nfs
- mountSubPath: clamp/dashboard-elasticsearch/data
- mountSubPathLogs: clamp
-
-security:
- ssl:
- enabled: true
-
-service:
- type: ClusterIP
- name: cdash-es
- portName: cdash-es-rest
- externalPort: 9200
- internalPort: 9200
- type2: ClusterIP
- portName2: cdash-es-tcp
- externalPort2: 9300
- internalPort2: 9300
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
- large:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.# Default Kibana configuration from kibana-docker.
-
-server.name: "Clamp CL Dashboard"
-server.host: "0"
-# Kibana is served by a back end server. This setting specifies the port to use.
-server.port: {{.Values.service.externalPort}}
-
-server.ssl.enabled: {{.Values.config.sslEnabled}}
-server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
-server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.hosts: ${elasticsearch_base_url}
-
-elasticsearch.ssl.verificationMode: none
-elasticsearch.username: {{.Values.config.elasticUSR}}
-elasticsearch.password: {{.Values.config.elasticPWD}}
-
-elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-
-opendistro_security.multitenancy.enabled: true
-opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-pem-keys
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - clamp-dash-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- env:
- - name: elasticsearch_base_url
- value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/kibana/config/kibana.yml
- name: {{ include "common.fullname" . }}
- subPath: kibana.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: kibana.yml
- path: kibana.yml
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.ingress" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- persistence: {}
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
-config:
- elasticsearchServiceName: cdash-es
- elasticsearchPort: 9200
- elasticUSR: kibanaserver
- elasticPWD: kibanaserver
- sslEnabled: true
- sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem
- sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 360
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 360
- periodSeconds: 30
-
-#internal ssl security scheme for elasticsearch connection mainly
-security:
- ssl:
- enabled: true
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: cdash-kibana
- portName: cdash-kibana-http
- externalPort: 5601
- internalPort: 5601
- nodePort: 90
-ingress:
- enabled: false
- service:
- - baseaddr: "cdash-kibana"
- name: "cdash-kibana"
- port: 5601
- config:
- ssl: "redirect"
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-http.host: "0.0.0.0"
-## Path where pipeline configurations reside
-path.config: /usr/share/logstash/pipeline
-
-## Type of queue : memeory based or file based
-#queue.type: persisted
-## Size of queue
-#queue.max_bytes: 1024mb
-## Setting true makes logstash check periodically for change in pipeline configurations
-config.reload.automatic: true
-
+++ /dev/null
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-input {
- http_poller {
- urls => {
- event_queue => {
- method => get
- url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${event_topic}"
- tags => [ "dmaap_source" ]
- }
- notification_queue => {
- method => get
- url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${notification_topic}"
- tags => [ "dmaap_source" ]
- }
- request_queue => {
- method => get
- url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${request_topic}"
- tags => [ "dmaap_source" ]
- }
- }
- socket_timeout => 30
- request_timeout => 30
- schedule => { "every" => "1m" }
- codec => "plain"
- cacert => "/certs.d/aafca.pem"
- }
-}
-
-
-filter {
- # avoid noise if no entry in the list
- if [message] == "[]" {
- drop { }
- }
-
- if [http_request_failure] or [@metadata][code] != 200 {
- mutate {
- add_tag => [ "error" ]
- }
- }
-
- if "dmaap_source" in [@metadata][request][tags] {
- #
- # Dmaap provides a json list, whose items are Strings containing the event
- # provided to Dmaap, which itself is an escaped json.
- #
- # We first need to parse the json as we have to use the plaintext as it cannot
- # work with list of events, then split that list into multiple string events,
- # that we then transform into json.
- #
- json {
- source => "[message]"
- target => "message"
- }
-
- split {
- field => "message"
- }
- json {
- source => "message"
- }
- mutate {
- remove_field => [ "message" ]
- }
- }
-
- #
- # Some timestamps are expressed as milliseconds, some are in microseconds
- #
- if [closedLoopAlarmStart] {
- ruby {
- code => "
- if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
- event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
- else
- event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
- end
- "
- }
- date {
- match => [ "closedLoopAlarmStart", UNIX_MS ]
- target => "closedLoopAlarmStart"
- }
- }
-
- if [closedLoopAlarmEnd] {
- ruby {
- code => "
- if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
- event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
- else
- event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
- end
- "
- }
- date {
- match => [ "closedLoopAlarmEnd", UNIX_MS ]
- target => "closedLoopAlarmEnd"
- }
-
- }
-
-
- #
- # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which
- # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss"
- #
- if [notificationTime] {
- mutate {
- gsub => [
- "notificationTime", " ", "T"
- ]
- }
- date {
- match => [ "notificationTime", ISO8601 ]
- target => "notificationTime"
- }
- }
-
-
- #
- # Renaming some fields for readability
- #
- if [AAI][generic-vnf.vnf-name] {
- mutate {
- add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
- }
- }
- if [AAI][generic-vnf.vnf-type] {
- mutate {
- add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
- }
- }
- if [AAI][vserver.vserver-name] {
- mutate {
- add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
- }
- }
- if [AAI][complex.city] {
- mutate {
- add_field => { "locationCity" => "%{[AAI][complex.city]}" }
- }
- }
- if [AAI][complex.state] {
- mutate {
- add_field => { "locationState" => "%{[AAI][complex.state]}" }
- }
- }
-
-
- #
- # Adding some flags to ease aggregation
- #
- if [closedLoopEventStatus] =~ /(?i)ABATED/ {
- mutate {
- add_field => { "flagAbated" => "1" }
- }
- }
- if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
- mutate {
- add_field => { "flagFinalFailure" => "1" }
- }
- }
-
-
- if "error" not in [@metadata][request][tags]{
- #
- # Creating data for a secondary index
- #
- clone {
- clones => [ "event-cl-aggs" ]
- add_tag => [ "event-cl-aggs" ]
- }
-
- if "event-cl-aggs" in [@metadata][request][tags]{
- #
- # we only need a few fields for aggregations; remove all fields from clone except :
- # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure
- #
- prune {
- whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
- }
-
- }
- }
-}
-
-
-output {
- stdout {
- codec => rubydebug
- }
-
- if "error" in [tags] {
- elasticsearch {
- codec => "json"
- cacert => "/clamp-cert/ca-certs.pem"
- ssl_certificate_verification => false
- hosts => ["${elasticsearch_base_url}"]
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- index => "errors-%{+YYYY.MM.DD}"
- doc_as_upsert => true
- }
-
- } else if "event-cl-aggs" in [tags] {
- elasticsearch {
- codec => "json"
- hosts => ["${elasticsearch_base_url}"]
- cacert => "/clamp-cert/ca-certs.pem"
- ssl_certificate_verification => false
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- document_id => "%{requestID}"
- index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
- doc_as_upsert => true
- action => "update"
- }
-
- } else {
- elasticsearch {
- codec => "json"
- hosts => ["${elasticsearch_base_url}"]
- cacert => "/clamp-cert/ca-certs.pem"
- ssl_certificate_verification => false
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- index => "events-%{+YYYY.MM.DD}" # creates daily indexes
- doc_as_upsert => true
- }
- }
-}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - clamp-dash-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: dmaap_consumer_group
- value: "{{ .Values.config.dmaapConsumerGroup }}"
- - name: dmaap_consumer_id
- value: "{{ .Values.config.dmaapConsumerId }}"
- - name: event_topic
- value: "{{ .Values.config.eventTopic }}"
- - name: notification_topic
- value: "{{ .Values.config.notificationTopic }}"
- - name: request_topic
- value: "{{ .Values.config.requestTopic }}"
- - name: dmaap_base_url
- value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
- - name: logstash_user
- value: "{{ .Values.config.logstash_user }}"
- - name: logstash_pwd
- value: "{{ .Values.config.logstash_pwd }}"
- - name: elasticsearch_base_url
- value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/logstash/config/logstash.yml
- name: {{ include "common.fullname" . }}
- subPath: logstash.yml
- - mountPath: /usr/share/logstash/pipeline/logstash.conf
- name: {{ include "common.fullname" . }}
- subPath: pipeline.conf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logstash.yml
- path: logstash.yml
- - key: pipeline.conf
- path: pipeline.conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- persistence: {}
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: cdash-es
- elasticsearchPort: 9200
- dmaapHost: message-router
- dmaapSchemeSSL: https
- dmaapSchemeNoSSL: http
- dmaapPort: 3905
- dmaapConsumerGroup: "clampdashboard"
- dmaapConsumerId: "clampdashboard"
- eventTopic: "DCAE-CL-EVENT"
- notificationTopic: "POLICY-CL-MGT"
- requestTopic: "APPC-CL"
- logstash_user: "logstash"
- logstash_pwd: "logstash"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 900
- periodSeconds: 20
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 900
- periodSeconds: 20
- timeoutSeconds: 5
-
-security:
- ssl:
- enabled: true
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: cdash-ls
- portName: cdash-ls-healthcheck
- externalPort: 9600
- internalPort: 9600
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: MariaDB Service
-name: mariadb
-version: 6.0.0
+++ /dev/null
-#!/bin/bash
-set -eo pipefail
-shopt -s nullglob
-
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
-done
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- val=`echo -n $val | sed -e "s/'/''/g"`
- export "$var"="$val"
- unset "$fileVar"
-}
-
-_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
-
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
-
- $errors
- EOM
- exit 1
- fi
-}
-
-# Fetch value from server config
-# We use mysqld --verbose --help instead of my_print_defaults because the
-# latter only show values present in config files, and not server defaults
-_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
-}
-
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
- mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
-fi
-
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
- # Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
-
- mkdir -p "$DATADIR"
-
- echo 'Initializing database'
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {30..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
-
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
-
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
- EOSQL
-
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
-
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
-
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
- fi
-
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
-
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
- fi
-fi
-
-exec "$@"
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Example MySQL config file for medium systems.
-#
-# This is for a system with memory 8G where MySQL plays
-# an important part, or systems up to 128M where MySQL is used together with
-# other programs (such as a web server)
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-
-# The following options will be passed to all MySQL clients
-##[client]
-##user = root
-##port = 3306
-##socket = //opt/app/mysql/mysql.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-##performance_schema
-
-slow_query_log =ON
-long_query_time =2
-slow_query_log_file =//var/lib/mysql/slow_query.log
-##basedir = //opt/app/mysql/product/mariadb-10.1.11-linux-x86_64
-##datadir = //opt/app/mysql/data
-##port = 3306
-##socket = //opt/app/mysql/mysql.sock
-skip-external-locking
-explicit_defaults_for_timestamp = true
-skip-symbolic-links
-local-infile = 0
-#ignore_db_dir=lost+found
-key_buffer_size = 16M
-max_allowed_packet = 4M
-table_open_cache = 100
-sort_buffer_size = 512K
-net_buffer_length = 8K
-read_buffer_size = 256K
-read_rnd_buffer_size = 512K
-myisam_sort_buffer_size = 8M
-max_connections = 500
-lower_case_table_names = 1
-thread_stack = 256K
-thread_cache_size = 25
-query_cache_size = 8M
-query_cache_type = 0
-query_prealloc_size = 512K
-query_cache_limit = 1M
-
-# Password validation
-##plugin-load-add=simple_password_check.so
-##simple_password_check_other_characters=0
-
-# Audit Log settings
-plugin-load-add=server_audit.so
-server_audit=FORCE_PLUS_PERMANENT
-server_audit_file_path=//var/lib/mysql/audit.log
-server_audit_file_rotate_size=50M
-server_audit_events=CONNECT,QUERY,TABLE
-server_audit_logging=on
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (via the "enable-named-pipe" option) will render mysqld useless!
-#
-#skip-networking
-
-# Replication Master Server (default)
-# binary logging is required for replication
-##log-bin=//var/lib/mysql/mysql-bin
-
-# binary logging format - mixed recommended
-binlog_format=row
-
-# required unique id between 1 and 2^32 - 1
-# defaults to 1 if master-host is not set
-# but will not function as a master if omitted
-
-# Replication Slave (comment out master section to use this)
-#
-# To configure this host as a replication slave, you can choose between
-# two methods :
-#
-# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
-# the syntax is:
-#
-# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
-# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
-#
-# where you replace <host>, <user>, <password> by quoted strings and
-# <port> by the master's port number (3306 by default).
-#
-# Example:
-#
-# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
-# MASTER_USER='joe', MASTER_PASSWORD='secret';
-#
-# OR
-#
-# 2) Set the variables below. However, in case you choose this method, then
-# start replication for the first time (even unsuccessfully, for example
-# if you mistyped the password in master-password and the slave fails to
-# connect), the slave will create a master.info file, and any later
-# change in this file to the variables' values below will be ignored and
-# overridden by the content of the master.info file, unless you shutdown
-# the slave server, delete master.info and restart the slaver server.
-# For that reason, you may want to leave the lines below untouched
-# (commented) and instead use CHANGE MASTER TO (see above)
-#
-# required unique id between 2 and 2^32 - 1
-# (and different from the master)
-# defaults to 2 if master-host is set
-# but will not function as a slave if omitted
-#server-id = 2
-#
-# The replication master for this slave - required
-#master-host = <hostname>
-#
-# The username the slave will use for authentication when connecting
-# to the master - required
-#master-user = <username>
-#
-# The password the slave will authenticate with when connecting to
-# the master - required
-#master-password = <password>
-#
-# The port the master is listening on.
-# optional - defaults to 3306
-#master-port = <port>
-#
-# binary logging - not required for slaves, but recommended
-#log-bin=mysql-bin
-
-# Uncomment the following if you are using InnoDB tables
-##innodb_data_home_dir = //opt/app/mysql/data
-##innodb_data_file_path = ibdata1:20M:autoextend:max:32G
-##innodb_log_group_home_dir = //opt/app/mysql/iblogs
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-innodb_buffer_pool_size = 128M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-innodb_log_file_size = 10M
-innodb_log_files_in_group = 3
-innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_autoextend_increment = 100
-expire_logs_days = 8
-open_files_limit = 2000
-transaction-isolation=READ-COMMITTED
-####### Galera parameters #######
-## Galera Provider configuration
-wsrep_provider=/usr/lib/galera/libgalera_smm.so
-wsrep_provider_options="gcache.size=128M; gcache.page_size=10M"
-## Galera Cluster configuration
-wsrep_cluster_name="MSO-automated-tests-cluster"
-wsrep_cluster_address="gcomm://"
-#wsrep_cluster_address="gcomm://mariadb1,mariadb2,mariadb3"
-##wsrep_cluster_address="gcomm://192.169.3.184,192.169.3.185,192.169.3.186"
-## Galera Synchronization configuration
-wsrep_sst_method=rsync
-#wsrep_sst_method=xtrabackup-v2
-#wsrep_sst_auth="sstuser:Mon#2o!6"
-## Galera Node configuration
-wsrep_node_name="mariadb1"
-##wsrep_node_address="192.169.3.184"
-wsrep_on=OFF
-## Status notification
-#wsrep_notify_cmd=/opt/app/mysql/bin/wsrep_notify
-#######
-
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 20971520
-
-##[mysqlhotcopy]
-##interactive-timeout
-##[mysqld_safe]
-##malloc-lib=//opt/app/mysql/local/lib/libjemalloc.so.1
-##log-error=//opt/app/mysql/log/mysqld.log
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#{{ if not .Values.disableClampClampMariadb }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clamp-entrypoint-bulkload-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clamp-mariadb-conf-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }}
-#{{ end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
- - name: MYSQL_DATABASE
- value: {{ tpl .Values.db.databaseName .}}
- volumeMounts:
- - mountPath: /docker-entrypoint.sh
- subPath: docker-entrypoint.sh
- name: init-script
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/
- name: docker-entrypoint-bulkload
- - mountPath: /etc/mysql/conf.d/conf1/
- name: clamp-mariadb-conf
- - mountPath: /var/lib/mysql
- name: clamp-mariadb-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{- if .Values.persistence.enabled }}
- - name: clamp-mariadb-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: docker-entrypoint-bulkload
- configMap:
- name: clamp-entrypoint-bulkload-configmap
- - name: clamp-mariadb-conf
- configMap:
- name: clamp-mariadb-conf-configmap
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: init-script
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
-
- persistence: {}
-# application image
-repository: nexus3.onap.org:10001
-image: mariadb:10.3.12
-pullPolicy: Always
-flavor: small
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
- password: '{{ .Values.db.rootPass }}'
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
-
-# Application configuration
-db: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: clamp/mariadb/data
-
-service:
- type: ClusterIP
- name: clampdb
- portName: clampdb
- internalPort: 3306
- externalPort: 3306
-
-
-ingress:
- enabled: false
-
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- large:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Modifications copyright (c) 2019 Nokia
+# ================================================================================\
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+*/}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+server.ssl.key-store-password=${cadi_keystore_password_p12}
+server.ssl.key-password=${cadi_key_password}
+server.ssl.key-store-type=PKCS12
+server.ssl.key-alias={{ .Values.certInitializer.fqi }}
+
+# The key file used to decode the key store and trust store password
+# If not defined, the key store and trust store password will not be decrypted
+clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }}
+
+## Config part for Client certificates
+server.ssl.client-auth=want
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+server.ssl.trust-store-password=${cadi_truststore_password}
+{{- end }}
+
+#clds datasource connection details
+spring.datasource.username=${MYSQL_USER}
+spring.datasource.password=${MYSQL_PASSWORD}
+spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
+
+#The log folder that will be used in logback.xml file
+clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969
+clamp.config.policy.api.userName=healthcheck
+clamp.config.policy.api.password=zb!XztG34
+clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969
+clamp.config.policy.pap.userName=healthcheck
+clamp.config.policy.pap.password=zb!XztG34
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080
+clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+#DCAE Deployment Url Properties
+clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443
+clamp.config.dcae.deployment.userName=none
+clamp.config.dcae.deployment.password=none
+
+#AAF related parameters
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - clamp-mariadb
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ workingDir: "/opt/clamp/"
+ args:
+ - -c
+ - |
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
+ {{- end }}
+ java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /opt/clamp/sdc-controllers-config.json
+ name: {{ include "common.fullname" . }}-config
+ subPath: sdc-controllers-config.json
+ - mountPath: /opt/clamp/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ env:
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
+ {{- if ne "unlimited" (include "common.flavor" .) }}
+ - name: JAVA_RAM_CONFIGURATION
+ value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
+ {{- end }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: sdc-controllers-config.json
+ path: sdc-controllers-config.json
+ - key: application.properties
+ path: application.properties
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ keystoreFile: 'org.onap.clamp.p12'
+ truststoreFile: 'org.onap.clamp.trust.jks'
+ keyFile: 'org.onap.clamp.keyfile'
+ truststoreFileONAP: 'truststoreONAPall.jks'
+ nameOverride: clamp-backend-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: '-72.0'
+ cadi_latitude: '38.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd;
+ grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd;
+ cd {{ .Values.credsPath }};
+ chmod a+rx *;
+
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+flavor: small
+
+# application image
+image: onap/clamp-backend:5.1.5
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/onap
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+#####dummy values for db user and password to pass lint!!!#######
+
+db:
+ user: dummyclds
+ password: dummysidnnd83K
+ databaseName: dummycldsdb4
+
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ mysqlPassword: strong_pitchou
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: ClusterIP
+ name: clamp-backend
+ portName: clamp-backend
+ internalPort: 8443
+ externalPort: 443
+
+ingress:
+ enabled: false
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 3Gi
+ requests:
+ cpu: 10m
+ memory: 3Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+---
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+# Before you set out to tweak and tune the configuration, make sure you
+# understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please consult the documentation for further information on configuration options:
+# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Name of the Elasticsearch cluster.
+# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
+# The default name is elasticsearch, but you should change it to an appropriate name which describes the
+# purpose of the cluster.
+#
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
+#
+
+cluster.name: "clamp-dashboard"
+node.name: "cldash-es-node1"
+# ---------------------------------- Network -----------------------------------
+#
+# Set the bind address to a specific IP (IPv4 or IPv6):
+# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
+# non-loopback address.
+network.host: 0.0.0.0
+#
+# Set a custom port for HTTP: If required, default is 9200-9300
+#
+#http.port: $http.port
+#
+# For more information, consult the network module documentation.
+# ----------------------------------- Paths ------------------------------------
+#
+# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
+# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
+# may change & can deal to data loss.
+path.data: /usr/share/elasticsearch/data
+#
+# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
+# as on upgrading Elasticsearch, directory structure may change.
+path.logs: /usr/share/elasticsearch/logs
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
+# Lock the memory on startup.
+#
+bootstrap.memory_lock: false
+#
+# Make sure that the heap size is set to about half the memory available
+# on the system and that the owner of the process is allowed to use this
+# limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when new node is started
+# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
+# that are likely to be live and contactable.
+# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
+# to connect to other nodes running on the same server.
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
+discovery.zen.minimum_master_nodes: 1
+discovery.seed_hosts: []
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+cluster.initial_master_nodes:
+ - cldash-es-node1
+# - docker-test-node-1
+# ---------------------------------- Various -----------------------------------
+#
+# Require explicit names when deleting indices:
+#
+#action.destructive_requires_name: true
+# Set a custom port for HTTP: If required, default is 9200-9300
+# This is used for REST APIs
+http.port: {{.Values.service.externalPort}}
+# Port to bind for communication between nodes. Accepts a single value or a range.
+# If a range is specified, the node will bind to the first available port in the range.
+# Defaults to 9300-9400.
+# More info:
+transport.tcp.port: {{.Values.service.externalPort2}}
+
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
+
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ sysctl -w vm.max_map_count=262144
+ mkdir -p /usr/share/elasticsearch/logs
+ mkdir -p /usr/share/elasticsearch/data
+ chmod -R 777 /usr/share/elasticsearch
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /usr/share/elasticsearch/logs/
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+ /usr/local/bin/docker-entrypoint.sh
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ include "common.servicename" . }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ include "common.servicename" . }}2
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort2 }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: elasticsearch.yml
+ - mountPath: /usr/share/elasticsearch/data/
+ name: {{ include "common.fullname" . }}-data
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: elasticsearch.yml
+ path: elasticsearch.yml
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-logs
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.config.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.config.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-tcp
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type2 }}
+ ports:
+ {{if eq .Values.service.type2 "NodePort" -}}
+ - port: {{ .Values.service.externalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.config.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.config.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2020 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-es-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+flavor: small
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/clamp-dashboard-elasticsearch:5.0.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: clamp/dashboard-elasticsearch/data
+ mountSubPathLogs: clamp
+
+security:
+ ssl:
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: cdash-es
+ portName: cdash-es-rest
+ externalPort: 9200
+ internalPort: 9200
+ type2: ClusterIP
+ portName2: cdash-es-tcp
+ externalPort2: 9300
+ internalPort2: 9300
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 2.5Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 2.5Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.# Default Kibana configuration from kibana-docker.
+*/}}
+
+server.name: "Clamp CL Dashboard"
+server.host: "0"
+# Kibana is served by a back end server. This setting specifies the port to use.
+server.port: {{.Values.service.externalPort}}
+
+server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
+server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
+server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
+{{- end }}
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.hosts: ${elasticsearch_base_url}
+
+elasticsearch.ssl.verificationMode: none
+elasticsearch.username: {{.Values.config.elasticUSR}}
+elasticsearch.password: {{.Values.config.elasticPWD}}
+
+elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+
+opendistro_security.multitenancy.enabled: true
+opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-pem-keys
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - clamp-dash-es
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ include "common.servicename" . }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ env:
+ - name: elasticsearch_base_url
+ value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/kibana/config/kibana.yml
+ name: {{ include "common.fullname" . }}
+ subPath: kibana.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: kibana.yml
+ path: kibana.yml
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/* # Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.config.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.config.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-kibana-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+flavor: small
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/clamp-dashboard-kibana:5.0.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
+config:
+ elasticsearchServiceName: cdash-es
+ elasticsearchPort: 9200
+ elasticUSR: kibanaserver
+ elasticPWD: kibanaserver
+ sslEnabled: true
+ sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem
+ sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 360
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 360
+ periodSeconds: 30
+
+#internal ssl security scheme for elasticsearch connection mainly
+security:
+ ssl:
+ enabled: true
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: cdash-kibana
+ portName: cdash-kibana-http
+ externalPort: 5601
+ internalPort: 5601
+ nodePort: 90
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "cdash-kibana"
+ name: "cdash-kibana"
+ port: 5601
+ config:
+ ssl: "redirect"
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+http.host: "0.0.0.0"
+## Path where pipeline configurations reside
+path.config: /usr/share/logstash/pipeline
+
+## Type of queue : memeory based or file based
+#queue.type: persisted
+## Size of queue
+#queue.max_bytes: 1024mb
+## Setting true makes logstash check periodically for change in pipeline configurations
+config.reload.automatic: true
+
--- /dev/null
+{{/*
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+input {
+ http_poller {
+ urls => {
+ event_queue => {
+ method => get
+ url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
+ headers => {
+ Accept => "application/json"
+ }
+ topic => "${event_topic}"
+ tags => [ "dmaap_source" ]
+ }
+ notification_queue => {
+ method => get
+ url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
+ headers => {
+ Accept => "application/json"
+ }
+ topic => "${notification_topic}"
+ tags => [ "dmaap_source" ]
+ }
+ request_queue => {
+ method => get
+ url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
+ headers => {
+ Accept => "application/json"
+ }
+ topic => "${request_topic}"
+ tags => [ "dmaap_source" ]
+ }
+ }
+ socket_timeout => 30
+ request_timeout => 30
+ schedule => { "every" => "1m" }
+ codec => "plain"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
+ cacert => "/certs.d/aafca.pem"
+{{- end }}
+ }
+}
+
+
+filter {
+ # avoid noise if no entry in the list
+ if [message] == "[]" {
+ drop { }
+ }
+
+ if [http_request_failure] or [@metadata][code] != 200 {
+ mutate {
+ add_tag => [ "error" ]
+ }
+ }
+
+ if "dmaap_source" in [@metadata][request][tags] {
+ #
+ # Dmaap provides a json list, whose items are Strings containing the event
+ # provided to Dmaap, which itself is an escaped json.
+ #
+ # We first need to parse the json as we have to use the plaintext as it cannot
+ # work with list of events, then split that list into multiple string events,
+ # that we then transform into json.
+ #
+ json {
+ source => "[message]"
+ target => "message"
+ }
+
+ split {
+ field => "message"
+ }
+ json {
+ source => "message"
+ }
+ mutate {
+ remove_field => [ "message" ]
+ }
+ }
+
+ #
+ # Some timestamps are expressed as milliseconds, some are in microseconds
+ #
+ if [closedLoopAlarmStart] {
+ ruby {
+ code => "
+ if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
+ event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
+ else
+ event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
+ end
+ "
+ }
+ date {
+ match => [ "closedLoopAlarmStart", UNIX_MS ]
+ target => "closedLoopAlarmStart"
+ }
+ }
+
+ if [closedLoopAlarmEnd] {
+ ruby {
+ code => "
+ if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
+ event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
+ else
+ event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
+ end
+ "
+ }
+ date {
+ match => [ "closedLoopAlarmEnd", UNIX_MS ]
+ target => "closedLoopAlarmEnd"
+ }
+
+ }
+
+
+ #
+ # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which
+ # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss"
+ #
+ if [notificationTime] {
+ mutate {
+ gsub => [
+ "notificationTime", " ", "T"
+ ]
+ }
+ date {
+ match => [ "notificationTime", ISO8601 ]
+ target => "notificationTime"
+ }
+ }
+
+
+ #
+ # Renaming some fields for readability
+ #
+ if [AAI][generic-vnf.vnf-name] {
+ mutate {
+ add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
+ }
+ }
+ if [AAI][generic-vnf.vnf-type] {
+ mutate {
+ add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
+ }
+ }
+ if [AAI][vserver.vserver-name] {
+ mutate {
+ add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
+ }
+ }
+ if [AAI][complex.city] {
+ mutate {
+ add_field => { "locationCity" => "%{[AAI][complex.city]}" }
+ }
+ }
+ if [AAI][complex.state] {
+ mutate {
+ add_field => { "locationState" => "%{[AAI][complex.state]}" }
+ }
+ }
+
+
+ #
+ # Adding some flags to ease aggregation
+ #
+ if [closedLoopEventStatus] =~ /(?i)ABATED/ {
+ mutate {
+ add_field => { "flagAbated" => "1" }
+ }
+ }
+ if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
+ mutate {
+ add_field => { "flagFinalFailure" => "1" }
+ }
+ }
+
+
+ if "error" not in [@metadata][request][tags]{
+ #
+ # Creating data for a secondary index
+ #
+ clone {
+ clones => [ "event-cl-aggs" ]
+ add_tag => [ "event-cl-aggs" ]
+ }
+
+ if "event-cl-aggs" in [@metadata][request][tags]{
+ #
+ # we only need a few fields for aggregations; remove all fields from clone except :
+ # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure
+ #
+ prune {
+ whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
+ }
+
+ }
+ }
+}
+
+
+output {
+ stdout {
+ codec => rubydebug
+ }
+
+ if "error" in [tags] {
+ elasticsearch {
+ ilm_enabled => false
+ codec => "json"
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
+ cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
+ ssl_certificate_verification => false
+ hosts => ["${elasticsearch_base_url}"]
+ user => ["${logstash_user}"]
+ password => ["${logstash_pwd}"]
+ index => "errors-%{+YYYY.MM.DD}"
+ doc_as_upsert => true
+ }
+
+ } else if "event-cl-aggs" in [tags] {
+ elasticsearch {
+ ilm_enabled => false
+ codec => "json"
+ hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
+ cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
+ ssl_certificate_verification => false
+ user => ["${logstash_user}"]
+ password => ["${logstash_pwd}"]
+ document_id => "%{requestID}"
+ index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
+ doc_as_upsert => true
+ action => "update"
+ }
+
+ } else {
+ elasticsearch {
+ ilm_enabled => false
+ codec => "json"
+ hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+ cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
+ cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
+ ssl_certificate_verification => false
+ user => ["${logstash_user}"]
+ password => ["${logstash_pwd}"]
+ index => "events-%{+YYYY.MM.DD}" # creates daily indexes
+ doc_as_upsert => true
+ }
+ }
+}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - clamp-dash-es
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: dmaap_consumer_group
+ value: "{{ .Values.config.dmaapConsumerGroup }}"
+ - name: dmaap_consumer_id
+ value: "{{ .Values.config.dmaapConsumerId }}"
+ - name: event_topic
+ value: "{{ .Values.config.eventTopic }}"
+ - name: notification_topic
+ value: "{{ .Values.config.notificationTopic }}"
+ - name: request_topic
+ value: "{{ .Values.config.requestTopic }}"
+ - name: dmaap_base_url
+ value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
+ - name: logstash_user
+ value: "{{ .Values.config.logstash_user }}"
+ - name: logstash_pwd
+ value: "{{ .Values.config.logstash_pwd }}"
+ - name: elasticsearch_base_url
+ value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ include "common.servicename" . }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/logstash/config/logstash.yml
+ name: {{ include "common.fullname" . }}
+ subPath: logstash.yml
+ - mountPath: /usr/share/logstash/pipeline/logstash.conf
+ name: {{ include "common.fullname" . }}
+ subPath: pipeline.conf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logstash.yml
+ path: logstash.yml
+ - key: pipeline.conf
+ path: pipeline.conf
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.config.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.config.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "org.onap.clamp.crt.key"
+ clamp_pem: "org.onap.clamp.key.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-logstash-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+flavor: small
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: onap/clamp-dashboard-logstash:5.0.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ elasticsearchServiceName: cdash-es
+ elasticsearchPort: 9200
+ dmaapHost: message-router
+ dmaapSchemeSSL: https
+ dmaapSchemeNoSSL: http
+ dmaapPort: 3905
+ dmaapConsumerGroup: "clampdashboard"
+ dmaapConsumerId: "clampdashboard"
+ eventTopic: "DCAE-CL-EVENT"
+ notificationTopic: "POLICY-CL-MGT"
+ requestTopic: "APPC-CL"
+ logstash_user: "logstash"
+ logstash_pwd: "logstash"
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 900
+ periodSeconds: 20
+ timeoutSeconds: 5
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 900
+ periodSeconds: 20
+ timeoutSeconds: 5
+
+security:
+ ssl:
+ enabled: true
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ name: cdash-ls
+ portName: cdash-ls-healthcheck
+ externalPort: 9600
+ internalPort: 9600
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1.3Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.3Gi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: MariaDB Service
+name: clamp-mariadb
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+set -eo pipefail
+shopt -s nullglob
+
+# if command starts with an option, prepend mysqld
+if [ "${1:0:1}" = '-' ]; then
+ set -- mysqld "$@"
+fi
+
+# skip setup if they want an option that stops mysqld
+wantHelp=
+for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ wantHelp=1
+ break
+ ;;
+ esac
+done
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ val=`prepare_password $val`
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+_check_config() {
+ toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ cat >&2 <<-EOM
+
+ ERROR: mysqld failed while attempting to check config
+ command was: "${toRun[*]}"
+
+ $errors
+ EOM
+ exit 1
+ fi
+}
+
+# Fetch value from server config
+# We use mysqld --verbose --help instead of my_print_defaults because the
+# latter only show values present in config files, and not server defaults
+_get_config() {
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
+}
+
+# allow the container to be started with `--user`
+if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
+ _check_config "$@"
+ DATADIR="$(_get_config 'datadir' "$@")"
+ mkdir -p "$DATADIR"
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ exec gosu mysql "$BASH_SOURCE" "$@"
+fi
+
+if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
+ # still need to check config, container may have started with --user
+ _check_config "$@"
+ # Get config
+ DATADIR="$(_get_config 'datadir' "$@")"
+
+ if [ ! -d "$DATADIR/mysql" ]; then
+ file_env 'MYSQL_ROOT_PASSWORD'
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ echo >&2 'error: database is uninitialized and password option is not specified '
+ echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ exit 1
+ fi
+
+ mkdir -p "$DATADIR"
+
+ echo 'Initializing database'
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
+ echo 'Database initialized'
+
+ SOCKET="$(_get_config 'socket' "$@")"
+ "$@" --skip-networking --socket="${SOCKET}" &
+ pid="$!"
+
+ mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
+
+ for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+ fi
+
+ if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+
+ rootCreate=
+ # default root to listen for connections from anywhere
+ file_env 'MYSQL_ROOT_HOST' '%'
+ if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+ EOSQL
+ fi
+
+ "${mysql[@]}" <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ FLUSH PRIVILEGES ;
+ EOSQL
+
+ if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+ fi
+
+ file_env 'MYSQL_DATABASE'
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+ fi
+
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+ fi
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ echo
+ echo 'MySQL init process done. Ready for start up.'
+ echo
+ fi
+fi
+
+exec "$@"
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Example MySQL config file for medium systems.
+#
+# This is for a system with memory 8G where MySQL plays
+# an important part, or systems up to 128M where MySQL is used together with
+# other programs (such as a web server)
+#
+# In this file, you can use all long options that a program supports.
+# If you want to know which options a program supports, run the program
+# with the "--help" option.
+*/}}
+
+# The following options will be passed to all MySQL clients
+##[client]
+##user = root
+##port = 3306
+##socket = //opt/app/mysql/mysql.sock
+
+# Here follows entries for some specific programs
+
+# The MySQL server
+[mysqld]
+##performance_schema
+
+slow_query_log =ON
+long_query_time =2
+slow_query_log_file =//var/lib/mysql/slow_query.log
+##basedir = //opt/app/mysql/product/mariadb-10.1.11-linux-x86_64
+##datadir = //opt/app/mysql/data
+##port = 3306
+##socket = //opt/app/mysql/mysql.sock
+skip-external-locking
+explicit_defaults_for_timestamp = true
+skip-symbolic-links
+local-infile = 0
+#ignore_db_dir=lost+found
+key_buffer_size = 16M
+max_allowed_packet = 4M
+table_open_cache = 100
+sort_buffer_size = 512K
+net_buffer_length = 8K
+read_buffer_size = 256K
+read_rnd_buffer_size = 512K
+myisam_sort_buffer_size = 8M
+max_connections = 500
+lower_case_table_names = 1
+thread_stack = 256K
+thread_cache_size = 25
+query_cache_size = 8M
+query_cache_type = 0
+query_prealloc_size = 512K
+query_cache_limit = 1M
+
+# Password validation
+##plugin-load-add=simple_password_check.so
+##simple_password_check_other_characters=0
+
+# Audit Log settings
+plugin-load-add=server_audit.so
+server_audit=FORCE_PLUS_PERMANENT
+server_audit_file_path=//var/lib/mysql/audit.log
+server_audit_file_rotate_size=50M
+server_audit_events=CONNECT,QUERY,TABLE
+server_audit_logging=on
+
+# Don't listen on a TCP/IP port at all. This can be a security enhancement,
+# if all processes that need to connect to mysqld run on the same host.
+# All interaction with mysqld must be made via Unix sockets or named pipes.
+# Note that using this option without enabling named pipes on Windows
+# (via the "enable-named-pipe" option) will render mysqld useless!
+#
+#skip-networking
+
+# Replication Master Server (default)
+# binary logging is required for replication
+##log-bin=//var/lib/mysql/mysql-bin
+
+# binary logging format - mixed recommended
+binlog_format=row
+
+# required unique id between 1 and 2^32 - 1
+# defaults to 1 if master-host is not set
+# but will not function as a master if omitted
+
+# Replication Slave (comment out master section to use this)
+#
+# To configure this host as a replication slave, you can choose between
+# two methods :
+#
+# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
+# the syntax is:
+#
+# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
+# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
+#
+# where you replace <host>, <user>, <password> by quoted strings and
+# <port> by the master's port number (3306 by default).
+#
+# Example:
+#
+# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
+# MASTER_USER='joe', MASTER_PASSWORD='secret';
+#
+# OR
+#
+# 2) Set the variables below. However, in case you choose this method, then
+# start replication for the first time (even unsuccessfully, for example
+# if you mistyped the password in master-password and the slave fails to
+# connect), the slave will create a master.info file, and any later
+# change in this file to the variables' values below will be ignored and
+# overridden by the content of the master.info file, unless you shutdown
+# the slave server, delete master.info and restart the slaver server.
+# For that reason, you may want to leave the lines below untouched
+# (commented) and instead use CHANGE MASTER TO (see above)
+#
+# required unique id between 2 and 2^32 - 1
+# (and different from the master)
+# defaults to 2 if master-host is set
+# but will not function as a slave if omitted
+#server-id = 2
+#
+# The replication master for this slave - required
+#master-host = <hostname>
+#
+# The username the slave will use for authentication when connecting
+# to the master - required
+#master-user = <username>
+#
+# The password the slave will authenticate with when connecting to
+# the master - required
+#master-password = <password>
+#
+# The port the master is listening on.
+# optional - defaults to 3306
+#master-port = <port>
+#
+# binary logging - not required for slaves, but recommended
+#log-bin=mysql-bin
+
+# Uncomment the following if you are using InnoDB tables
+##innodb_data_home_dir = //opt/app/mysql/data
+##innodb_data_file_path = ibdata1:20M:autoextend:max:32G
+##innodb_log_group_home_dir = //opt/app/mysql/iblogs
+# You can set .._buffer_pool_size up to 50 - 80 %
+# of RAM but beware of setting memory usage too high
+innodb_buffer_pool_size = 128M
+#innodb_additional_mem_pool_size = 2M
+# Set .._log_file_size to 25 % of buffer pool size
+innodb_log_file_size = 10M
+innodb_log_files_in_group = 3
+innodb_log_buffer_size = 8M
+#innodb_flush_log_at_trx_commit = 1
+innodb_lock_wait_timeout = 50
+innodb_autoextend_increment = 100
+expire_logs_days = 8
+open_files_limit = 2000
+transaction-isolation=READ-COMMITTED
+####### Galera parameters #######
+## Galera Provider configuration
+wsrep_provider=/usr/lib/galera/libgalera_smm.so
+wsrep_provider_options="gcache.size=128M; gcache.page_size=10M"
+## Galera Cluster configuration
+wsrep_cluster_name="MSO-automated-tests-cluster"
+wsrep_cluster_address="gcomm://"
+#wsrep_cluster_address="gcomm://mariadb1,mariadb2,mariadb3"
+##wsrep_cluster_address="gcomm://192.169.3.184,192.169.3.185,192.169.3.186"
+## Galera Synchronization configuration
+wsrep_sst_method=rsync
+#wsrep_sst_method=xtrabackup-v2
+#wsrep_sst_auth="sstuser:Mon#2o!6"
+## Galera Node configuration
+wsrep_node_name="mariadb1"
+##wsrep_node_address="192.169.3.184"
+wsrep_on=OFF
+## Status notification
+#wsrep_notify_cmd=/opt/app/mysql/bin/wsrep_notify
+#######
+
+
+[mysqldump]
+quick
+max_allowed_packet = 16M
+
+[mysql]
+no-auto-rehash
+# Remove the next comment character if you are not familiar with SQL
+#safe-updates
+
+[myisamchk]
+key_buffer_size = 20971520
+
+##[mysqlhotcopy]
+##interactive-timeout
+##[mysqld_safe]
+##malloc-lib=//opt/app/mysql/local/lib/libjemalloc.so.1
+##log-error=//opt/app/mysql/log/mysqld.log
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+#{{ if not .Values.disableClampClampMariadb }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: clamp-entrypoint-bulkload-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: clamp-mariadb-conf-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }}
+#{{ end }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: {{ tpl .Values.db.databaseName .}}
+ volumeMounts:
+ - mountPath: /docker-entrypoint.sh
+ subPath: docker-entrypoint.sh
+ name: init-script
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: docker-entrypoint-bulkload
+ - mountPath: /etc/mysql/conf.d/conf1/
+ name: clamp-mariadb-conf
+ - mountPath: /var/lib/mysql
+ name: clamp-mariadb-data
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.persistence.enabled }}
+ - name: clamp-mariadb-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: docker-entrypoint-bulkload
+ configMap:
+ name: clamp-entrypoint-bulkload-configmap
+ - name: clamp-mariadb-conf
+ configMap:
+ name: clamp-mariadb-conf-configmap
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+
+ persistence: {}
+# application image
+image: mariadb:10.5.4
+pullPolicy: Always
+flavor: small
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
+ password: '{{ .Values.db.rootPass }}'
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+
+# Application configuration
+# dummy value db user pasword to pass lint!!!
+db:
+ user: dummy-clds
+ password: dummy-sidnnd83K
+ databaseName: dummy-cldsdb4
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: clamp/mariadb/data
+
+service:
+ type: ClusterIP
+ name: clampdb
+ portName: clampdb
+ internalPort: 3306
+ externalPort: 3306
+
+
+ingress:
+ enabled: false
+
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 200Mi
+ unlimited: {}
# limitations under the License.
dependencies:
- - name: common
+ - name: certInitializer
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: clamp-mariadb
+ version: ~6.x-0
+ repository: 'file://components/clamp-mariadb'
+ - name: clamp-backend
+ version: ~6.x-0
+ repository: 'file://components/clamp-backend'
+ - name: clamp-dash-es
+ version: ~6.x-0
+ repository: 'file://components/clamp-dash-es'
+ - name: clamp-dash-logstash
+ version: ~6.x-0
+ repository: 'file://components/clamp-dash-logstash'
+ - name: clamp-dash-kibana
+ version: ~6.x-0
+ repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file
listen 2443 default ssl;
ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
ssl_certificate /etc/ssl/clamp.pem;
ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
ssl_verify_client optional_no_ca;
location /restservices/clds/ {
proxy_pass https://clamp-backend:443;
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- clamp-backend
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
# main container
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /etc/nginx/conf.d/default.conf
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global: # global defaults
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- centralizedLoggingEnabled: false
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "clamp.key"
+ clamp_pem: "clamp.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: clamp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
secrets:
- uid: db-root-pass
db:
userCredsExternalSecret: *dbUserPass
databaseName: *dbName
-mariadb:
+clamp-mariadb:
db:
rootCredsExternalSecret: *dbRootPass
userCredsExternalSecret: *dbUserPass
flavor: small
# application image
-repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.7
+image: onap/clamp-frontend:5.1.5
pullPolicy: Always
# flag to enable debugging - application support required
liveness:
initialDelaySeconds: 120
periodSeconds: 10
+ timeoutSeconds: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
-
+ timeoutSeconds: 3
service:
type: NodePort
cpu: 1
memory: 200Mi
requests:
- cpu: 10m
+ cpu: 1m
memory: 50Mi
large:
limits:
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
+{{/*
# Copyright 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/cli:5.0.4
+image: onap/cli:6.0.0
pullPolicy: Always
flavor: small
COMMON_CHARTS_DIR := common
EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+PROCESSED_LAST := cert-wrapper repository-wrapper
+PROCESSED_FIRST := repositoryGenerator certInitializer
+TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+HELM_BIN := helm
+HELM_CHARTS := $(PROCESSED_FIRST) $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST)
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(HELM_CHARTS) $(TO_FILTER)
all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
-#!/usr/bin/python
+#!/usr/bin/env python
import getopt
import logging
import os
from kubernetes import config
from kubernetes.client import Configuration
-from kubernetes.client.apis import core_v1_api
+from kubernetes.client.api import core_v1_api
from kubernetes.client.rest import ApiException
from kubernetes.stream import stream
-#!/bin/bash
+#!/bin/sh
# Initialize variables
ss_dir=""
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: "cassandra-backup-init"
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
curr_time=$1
echo "Clearing snapshots!!!"
command="nodetool clearsnapshot -t $curr_time"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
}
{{ $root := . }}
curr_time=`date +%s`
echo "Executing cleanup!!"
command="nodetool cleanup"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
echo "Cleaned Node!! Backing up database now!!!"
command="nodetool snapshot -t $curr_time"
- /root/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
retCode=$?
if [ $retCode -ne 0 ]; then
echo "Backup Failed!!!"
d=$(echo $d | sed 's:/*$::')
keyspace_name=$(echo "$d" | awk -F/ '{ print $NF }')
if [ 1 ] {{- range $t, $keyspace := $root.Values.backup.keyspacesToSkip }} && [ "{{ $keyspace.name }}" != "$keyspace_name" ] {{- end }}; then
- /root/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
+ /app/restore.sh -b $backup_dir/cassandra-{{ $i }}/data -s /onap-data/cassandra-{{ $i }}/data/$keyspace_name -k $keyspace_name -t $curr_time &
pids="$pids $!"
fi
done
- mountPath: /backup
name: backup-dir
- name: scripts
- mountPath: /root/restore.sh
+ mountPath: /app/restore.sh
subPath: restore.sh
- name: scripts
- mountPath: /root/exec.py
+ mountPath: /app/exec.py
subPath: exec.py
containers:
- name: cassandra-backup-validate
- image: "{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.headlessService" . }}
+{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
hostNetwork: {{ .Values.hostNetwork }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
volumeMounts:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
exec:
- command:
+ command:
- /bin/bash
- -c
- nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
{{- else }}
command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
{{- end }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ toYaml .Values.resources | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
mountPath: /dockerdata-nfs
backup:
mountPath: /dockerdata-nfs/backup
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
# application image
-repository: nexus3.onap.org:10001
-image: library/cassandra:3.11.4
+image: cassandra:3.11.4
pullPolicy: Always
# flag to enable debugging - application support required
configOverrides: {}
-resources: {}
+# resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+resources:
+ limits:
+ cpu: 0.8
+ memory: 4Gi
+ requests:
+ cpu: 0.2
+ memory: 2.5Gi
backup:
enabled: false
cron: "00 00 * * *"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Wrapper chart to allow truststore to be shared among cert-initializer instances
+name: cert-wrapper
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: 'file://../certInitializer'
--- /dev/null
+#!/bin/bash
+{{/*
+
+# Copyright © 2020 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+CERTS_DIR=${CERTS_DIR:-/certs}
+WORK_DIR=${WORK_DIR:-/updatedTruststore}
+ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
+JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
+TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+
+mkdir -p $WORK_DIR
+
+# Decrypt and move relevant files to WORK_DIR
+for f in $CERTS_DIR/*; do
+ if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then
+ # Dont use onap truststore when aaf is disabled
+ continue
+ fi
+ if [[ $f == *.sh ]]; then
+ continue
+ fi
+ if [[ $f == *.b64 ]]
+ then
+ base64 -d $f > $WORK_DIR/`basename $f .b64`
+ else
+ cp $f $WORK_DIR/.
+ fi
+done
+
+# Prepare truststore output file
+if [[ $AAF_ENABLED == true ]]
+ then
+ mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+ else
+ echo "AAF is disabled, using JRE truststore"
+ cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
+fi
+
+# Import Custom Certificates
+for f in $WORK_DIR/*; do
+ if [[ $f == *.pem ]]; then
+ echo "importing certificate: $f"
+ keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
+ if [[ $? != 0 ]]; then
+ echo "failed importing certificate: $f"
+ exit 1
+ fi
+ fi
+done
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "certs" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+certInitializer:
+ nameOverride: cert-initializer
+ createCertsCM: true
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
value: "{{ $initRoot.public_fqdn | default "" }}"
{{- end -}}
+{{/*
+ This init container will import custom .pem certificates to truststoreONAPall.jks
+ Custom certificates must be placed in common/certInitializer/resources directory.
+
+ The feature is enabled by setting Values.global.importCustomCertsEnabled = true
+ It can be used independently of aafEnabled, however it requires the same includes
+ as describe above for _initContainer.
+
+ When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
+ to import custom certificates, otherwise the default java keystore will be used.
+
+ The updated truststore file will be placed in /updatedTruststore and can be mounted per component
+ to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
+ The truststore file will be available to mount even if no custom certificates were imported.
+*/}}
+{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+- name: {{ include "common.name" $dot }}-import-custom-certs
+ image: {{ $subchartDot.Values.global.jreImage }}
+ imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /bin/bash
+ - -c
+ - /root/import-custom-certs.sh
+ env:
+ - name: AAF_ENABLED
+ value: "{{ $subchartDot.Values.global.aafEnabled }}"
+ - name: TRUSTSTORE_OUTPUT_FILENAME
+ value: "{{ $initRoot.truststoreOutputFileName }}"
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
+ volumeMounts:
+ - mountPath: /certs
+ name: aaf-agent-certs
+ - mountPath: /root/import-custom-certs.sh
+ name: aaf-agent-certs
+ subPath: import-custom-certs.sh
+ - mountPath: /updatedTruststore
+ name: updated-truststore
+{{- end -}}
+
{{- define "common.certInitializer._volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.mountPath }}
+- mountPath: {{ $initRoot.appMountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
{{- end -}}
+{{/*
+ This is used together with _initImportCustomCertsContainer
+ It mounts the updated truststore (with imported custom certificates) to the
+ truststoreMountpath defined in the values file for the component.
+*/}}
+{{- define "common.certInitializer._trustStoreVolumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- if gt (len $initRoot.truststoreMountpath) 0 }}
+- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
+ name: updated-truststore
+ subPath: {{ $initRoot.truststoreOutputFileName }}
+{{- end -}}
+{{- end -}}
+
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
medium: Memory
- name: aaf-agent-certs
configMap:
- name: {{ include "common.fullname" $subchartDot }}-certs
+ name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
defaultMode: 0700
{{- if $initRoot.aaf_add_config }}
name: {{ include "common.fullname" $subchartDot }}-add-config
defaultMode: 0700
{{- end -}}
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: updated-truststore
+ emptyDir: {}
+{{- end -}}
{{- end -}}
{{- define "common.certInitializer.initContainer" -}}
{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
+ {{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{ include "common.certInitializer._initContainer" . }}
{{- end -}}
{{- if $dot.Values.global.aafEnabled }}
{{- include "common.certInitializer._volumeMount" . }}
{{- end -}}
+ {{- if $dot.Values.global.importCustomCertsEnabled }}
+ {{- include "common.certInitializer._trustStoreVolumeMount" . }}
+ {{- end -}}
{{- end -}}
{{- define "common.certInitializer.volumes" -}}
{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.aafEnabled }}
+ {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
{{- include "common.certInitializer._volumes" . }}
{{- end -}}
{{- end -}}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
aaf-add-config.sh: |
- {{ tpl .Values.aaf_add_config . | indent 4 }}
+ {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
{{- end }}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "certs" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
repository: nexus3.onap.org:10001
aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafEnabled: true
+ jreImage: registry.gitlab.com/onap-integration/docker/onap-java
pullPolicy: Always
login: '{{ .Values.aafDeployFqi }}'
password: '{{ .Values.aafDeployPass }}'
passwordPolicy: required
+ - uid: truststore-creds
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
+ password: '{{ .Values.truststorePassword }}'
+ passwordPolicy: required
readinessCheck:
wait_for:
cadi_longitude: "-72.0"
aaf_add_config: ""
mountPath: "/opt/app/osaaf"
+appMountPath: "/opt/app/osaaf"
+importCustomCertsEnabled: false
+truststoreMountpath: ""
+truststoreOutputFileName: truststore.jks
+truststorePassword: changeit
+
+# This introduces implicit dependency on cert-wrapper
+# if you are using cert initializer cert-wrapper has to be also deployed.
+# We had to move this CM to a separate chart to reduce the total size of our charts
+# as it exceeds the default helm limits.
+certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
# See the License for the specific language governing permissions and
# limitations under the License.
global:
- aaf:
+ platform:
certServiceClient:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
cmpv2State: "California"
cmpv2Country: "US"
# Client configuration related
- requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
keystorePassword: "secret"
truststorePassword: "secret"
+ certPostProcessor:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
+----------------------------------------------------+-----------------------+
| `common.repository` | `_repository.tpl` |
+----------------------------------------------------+-----------------------+
- | `common.repository.secret` | `_repository.tpl` |
- +----------------------------------------------------+-----------------------+
| `common.flavor` | `_resources.tpl` |
+----------------------------------------------------+-----------------------+
| `common.resources` | `_resources.tpl` |
...
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
...
Namespace
{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}}
{{- if $dot.Values.global.aafEnabled -}}
- name: {{ include "common.name" $dot }}-aaf-readiness
- image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.readinessImage }}"
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aaf-locate
- name: aaf_locator_app_ns
value: "{{ $aafRoot.app_ns }}"
- name: DEPLOY_FQI
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }}
- name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }}
#Note: want to put this on Nodes, eventually
- name: cadi_longitude
value: "{{ default "52.3" $aafRoot.cadi_longitude }}"
{{ else if eq "testRelease" (include "common.release" .) }}
{{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}}
{{- printf "testRelease" -}}
+ {{ else if eq "test-release" .Release.Name }}
+ {{/* Special case for chart linting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- printf "testRelease" -}}
{{ else }}
{{ fail "masterPassword not provided" }}
{{ end }}
{{- end -}}
+{{- define "common._defaultPasswordStrength" -}}
+ {{ if .Values.passwordStrengthOverride }}
+ {{- printf "%s" .Values.passwordStrengthOverride -}}
+ {{ else if .Values.global.passwordStrength }}
+ {{- printf "%s" .Values.global.passwordStrength -}}
+ {{ else if .Values.passwordStrength }}
+ {{- printf "%s" .Values.passwordStrength -}}
+ {{ else }}
+ {{- printf "long" }}
+ {{ end }}
+{{- end -}}
+
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
- {{- $strength := default "long" .strength -}}
+ {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+ {{- $strength := default $defaultStrength .strength -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
+{{- define "ingress.config.host" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
{{- define "ingress.config.port" -}}
+{{- $dot := default . .dot -}}
{{- if .Values.ingress -}}
{{- if .Values.global.ingress -}}
{{- if or (not .Values.global.ingress.virtualhost) (not .Values.global.ingress.virtualhost.enabled) -}}
- http:
paths:
{{- range .Values.ingress.service }}
- - path: {{ printf "/%s" (required "baseaddr" .baseaddr) }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - path: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
backend:
serviceName: {{ .name }}
servicePort: {{ .port }}
{{- end -}}
{{- else if .Values.ingress.service -}}
-{{- $burl := (required "baseurl" .Values.global.ingress.virtualhost.baseurl) -}}
{{ range .Values.ingress.service }}
- - host: {{ printf "%s.%s" (required "baseaddr" .baseaddr) $burl }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
http:
paths:
- backend:
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
+{{- end -}}
+{{- if .Values.ingress.config -}}
+{{- if .Values.ingress.config.tls -}}
+{{- $dot := default . .dot -}}
+ tls:
+ - hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
+ secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{/* when linted, the name must be lower cased. When used from a component,
+ name should be overriden in order to avoid collision so no need to do it */}}
+ {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}}
+ {{- $name = lower $name -}}
+ {{- end -}}
{{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
{{- end -}}
*/}}
{{/*
+ /!\ DEPRECATED /!\
+ Will be removed when transition to "repositoryGenerator" is finished.
Resolve the name of the common image repository.
The value for .Values.repository is used by default,
unless either override mechanism is used.
{{- default .Values.repository .Values.global.repository -}}
{{end}}
{{- end -}}
-
-
-{{/*
- Resolve the image repository secret token.
- The value for .Values.global.repositoryCred is used:
- repositoryCred:
- user: user
- password: password
- mail: email (optional)
-*/}}
-{{- define "common.repository.secret" -}}
- {{- $repo := include "common.repository" . }}
- {{- $repo := default "nexus3.onap.org:10001" $repo }}
- {{- $cred := .Values.global.repositoryCred }}
- {{- $mail := default "@" $cred.mail }}
- {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
- {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}}
-{{- end -}}
{{- $uid := (default "" .uid) }}
{{- $name := (default "" .name) }}
{{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- if eq "test-release" $global.Release.Name -}}
+ {{/* Special case for chart liniting in helm3. DON"T NAME YOUR PRODUCTION RELEASE test-release */}}
+ {{- $uid = lower $uid -}}
+ {{- end -}}
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
"version": "{{ default "v1" $msb_information.version }}",
"url": "{{ default "/" $msb_information.url }}",
"protocol": "{{ default "REST" $msb_information.protocol }}",
+ "enable_ssl": {{ default false $msb_information.enable_ssl }},
"port": "{{ $msb_information.port }}",
"visualRange":"{{ default "1" $msb_information.visualRange }}"
}
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
\ No newline at end of file
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
- "performGitPull": "N",
- "enableHttps" : true
+ {{ if .Values.global.aafEnabled }}
+ "enableHttps" : true,
+ {{ end }}
+ "performGitPull": "N"
}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
name: config-input
- mountPath: /config
name: config
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.dbPodName }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+ args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"]
ports:
- containerPort: {{ .Values.service.internalPort }}
readinessProbe:
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
+{{/*
# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+*/}}
{{ include "common.ingress" . }}
# with other instances running within the same k8s cluster
nodePortPrefix: 302
- # image repositories
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
- # envsusbt
- envsubstImage: dibi/envsubst
-
# image pull policy
pullPolicy: Always
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:0.7.4
+image: onap/ccsdk-dgbuilder-image:1.0.2
pullPolicy: Always
# flag to enable debugging - application support required
config:
ssl: "redirect"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+ # dependency / sub-chart configuration
+certInitializer:
+ nameOverride: dgbuilder-cert-initializer
+ truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "dgbuilder.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ;
+ cp {{ .Values.fqi_namespace }}.crt node-cert.pem;
+ cp {{ .Values.fqi_namespace }}.key node-key.pem;
+ chmod go+r node-*.pem
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
+
--- /dev/null
+components/
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
{{- range $kind, $enabled := .Values.hooks }}
{{- if $enabled }}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
- name: common
version: ~6.x-0
repository: 'file://../../../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../../../repositoryGenerator'
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.enabled }}
{{ $role := "curator" -}}
{{ $suffix := $role -}}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "repositoryGenerator.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.psp.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.rbac.enabled }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.rbac.enabled }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
apiVersion: v1
kind: ServiceAccount
mountPath: /dockerdata-nfs/backup
storageClass:
clusterName: cluster.local
-repositoryOverride: docker.io
+
#################################################################
# Application configuration defaults.
#################################################################
##
enabled: false
name: curator
-image:
- imageName: bitnami/elasticsearch-curator
- tag: 5.8.1-debian-9-r74
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
service:
port: 9200
cronjob:
- name: common
version: ~6.x-0
repository: 'file://../../../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../../../repositoryGenerator'
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
{{ $role := "data" -}}
{{ $suffix := $role -}}
-{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
spec:
updateStrategy:
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
-{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
- serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/sh
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/sh
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ - name: {{ include "common.name" . }}-data
+ image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
- value: {{include "elasticsearch.clustername" .}}
+ value: {{ .Values.cluster_name }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "common.name" . }}-discovery
{{- if .Values.plugins }}
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Modification Copyright (c) 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
backup:
mountPath: /dockerdata-nfs/backup
storageClass:
-repositoryOverride: docker.io
+
#################################################################
# Application configuration defaults.
#################################################################
+
+cluster_name: onap
+
## Init containers parameters:
sysctlImage:
enabled: true
- name: http-transport
port: 9300
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:7.9.3
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## updateStrategy for ElasticSearch Data statefulset
- name: common
version: ~6.x-0
repository: 'file://../../../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../../../repositoryGenerator'
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
{{ $role := "master" -}}
{{ $suffix := $role -}}
-{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+{{ $labels := (dict "role" $role "discovery" .Values.cluster_name) -}}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
spec:
updateStrategy:
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
-{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
- serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- if .Values.sysctlImage.enabled }}
## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
- name: sysctl
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/sh
{{- end }}
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- name: volume-permissions
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/sh
{{- end }}
{{- end }}
containers:
- - name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ - name: {{ include "common.name" . }}-master
+ image: {{ printf "%s/%s" (include "repositoryGenerator.dockerHubRepository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
- value: {{ include "elasticsearch.clustername" . }}
+ value: {{ .Values.cluster_name }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
value: {{ include "common.name" . }}-discovery
- name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ $role := "master" -}}
{{ $labels := (dict "role" $role) -}}
{{ $matchLabels := (dict "role" $role) }}
-{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Modification Copyright (c) 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-
#################################################################
# Global configuration defaults.
#################################################################
backup:
mountPath: /dockerdata-nfs/backup
storageClass:
-repositoryOverride: docker.io
+
#################################################################
# Application configuration defaults.
#################################################################
+
+cluster_name: onap
+
## Init containers parameters:
sysctlImage:
enabled: true
##
replicaCount: 3
## master acts as master only node, choose 'no' if no further data nodes are deployed)
-dedicatednode: "yes"
+dedicatednode: 'yes'
## dedicatednode: "no"
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:7.9.3
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
- limits: {}
+ limits:
+ cpu: 250m
+ memory: 1536Mi
# cpu: 100m
# memory: 128Mi
requests:
- cpu: 25m
- memory: 256Mi
+ cpu: 5m
+ memory: 310Mi
## Elasticsearch master-eligible container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
## Service parameters for master-eligible node(s)
##
service:
- suffix: "service"
- name: ""
+ suffix: 'service'
+ name: ''
## list of ports for "common.containerPorts"
## Elasticsearch transport port
ports:
- - name: http-transport
- port: 9300
+ - name: http-transport
+ port: 9300
## master-eligible service type
##
type: ClusterIP
## If not set and create is true, a name is generated using the fullname template
# name:
-
## Elasticsearch cluster name
##
clusterName: elastic-cluster
-
-
-
- name: certInitializer
version: ~6.x-0
repository: 'file://../certInitializer'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
{{- end -}}
-{{/*
-Return the proper Docker Image Registry Secret Names
-*/}}
-{{- define "elasticsearch.imagePullSecrets" -}}
-{{- if .Values.global }}
-{{- if .Values.global.imagePullSecrets }}
-imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
- - name: {{ . }}
-{{- end }}
-{{- end }}
-{{- else }}
-{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
-{{- if $imagePullSecrets }}
-imagePullSecrets:
-{{- range $imagePullSecrets }}
- - name: {{ . }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "elasticsearch.curator.serviceAccountName" -}}
-{{- if .Values.curator.serviceAccount.create -}}
- {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.curator.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.config }}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
{{ $role := "coordinating-only" -}}
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
-{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
initContainers:
{{- if .Values.sysctlImage.enabled }}
- name: sysctl
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/sh
containers:
- name: {{ include "common.name" . }}-nginx
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }}
+ image: {{ include "repositoryGenerator.image.nginx" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
ports: {{- include "common.containerPorts" . | indent 12 -}}
{{- if .Values.nginx.livenessProbe }}
{{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
{{- if .Values.securityContext.enabled }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ $role := "coordinating-only" -}}
{{ $labels := (dict "role" $role) -}}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Copyright (c) 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+# Modification Copyright (c) 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
aafEnabled: true
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
clusterName: cluster.local
persistence:
backup:
mountPath: /dockerdata-nfs/backup
storageClass:
-repositoryOverride: docker.io
#################################################################
# Application configuration defaults.
enabled: true
# application image
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:7.9.3
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
##
# name:
-## Bitnami Minideb image version
-## ref: https://hub.docker.com/r/bitnami/minideb/tags/
-##
sysctlImage:
enabled: true
- imageName: bitnami/minideb
- tag: stretch
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
# nginx image
nginx:
- imageName: bitnami/nginx
- tag: 1.16-debian-9
pullPolicy: IfNotPresent
service:
name: nginx
# dedicatednode: "no"
# handles master and data node functionality
dedicatednode: "no"
+ cluster_name: elasticsearch
data:
enabled: false
+ cluster_name: elasticsearch
curator:
enabled: false
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
+{{/*
# Copyright 2019 Intel Corporation Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2019 Intel Corporation Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
{{- end }}
containers:
- name: {{ include "common.fullname" . }}
- image: "{{ .Values.repository }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
imagePullPolicy: "{{ .Values.pullPolicy }}"
ports:
- containerPort: {{ .Values.service.peerInternalPort }}
#################################################################
#repository: etcd
-repository: "k8s.gcr.io"
-image: "etcd-amd64:3.2.24"
+image: etcd-amd64:3.2.24
pullPolicy: Always
# default number of instances in the StatefulSet
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to create same STDOUT log configuration
+name: logConfiguration
+version: 6.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: 'file://../common'
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Resolve the level of the logs.
+ The value for .Values.logLevel is used by default,
+ unless either override mechanism is used.
+
+ - .Values.global.logLevel : override default log level for all components
+ - .Values.logLevelOverride : override global and default log level on a per
+ component basis
+
+ The function can takes below arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .initRoot : the root dictionary of logConfiguration submodule
+ (default to .Values.logConfiguration)
+*/}}
+{{- define "common.log.level" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+ {{- if $subchartDot.Values.logLevelOverride }}
+ {{- printf "%s" $subchartDot.Values.logLevelOverride -}}
+ {{- else }}
+ {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}}
+ {{- end }}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+logLevel: INFO
dependencies:
- name: common
version: ~6.x-0
- repository: 'file://../common'
\ No newline at end of file
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
\ No newline at end of file
#!/bin/bash
+{{/*
#
# Adfinis SyGroup AG
# openshift-mariadb-galera: mysql setup script
#
+*/}}
set -eox pipefail
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
fi
-function prepare_password {
- echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- name: mariadb-galera-backup-init
- image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+ image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
volumeMounts:
- name: backup-dir
mountPath: /backup
+ - name: db-data
+ mountPath: /var/lib/mysql
containers:
- name: mariadb-backup-validate
- image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}"
+ image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: MYSQL_ROOT_PASSWORD
- name: backup-dir
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }}
{{- end }}
runAsUser: 1001
containers:
- name: mariadb-job-pre-upgrade
- image: {{ .Values.global.kubectlImage}}
+ image: {{ include "repositoryGenerator.image.kubectl" . }}
imagePullPolicy: IfNotPresent
env:
- name: NAMESPACE_ENV
fsGroup: 1001
runAsUser: 0
initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
name: mariadb-galera-upgrade-readiness
env:
- name: NAMESPACE
apiVersion: v1
fieldPath: metadata.namespace
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- mariadb-galera
containers:
- name: mariadb-job-post-upgrade
- image: {{ .Values.global.kubectlImage}}
+ image: {{ include "repositoryGenerator.image.kubectl" . }}
imagePullPolicy: IfNotPresent
env:
- name: NAMESPACE_ENV
spec:
containers:
- name: mariadb-job-post-delete
- image: {{ .Values.global.kubectlImage}}
+ image: {{ include "repositoryGenerator.image.kubectl" . }}
imagePullPolicy: IfNotPresent
command: ["/bin/bash", "-c", "--"]
args:
- name: {{ include "common.namespace" . }}-docker-registry-key
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}}
env:
- name: POD_NAMESPACE
name: {{ include "common.fullname" . }}-data
initContainers:
- name: {{ include "common.name" . }}-prepare
- image: "{{ include "common.repository" . }}/{{ .Values.imageInit }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}}
command: ["sh", "-c", "chown -R 27:27 /var/lib/mysql"]
volumeMounts:
backup:
mountPath: /dockerdata-nfs/backup
- repository: nexus3.onap.org:10001
-
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- busyboxImage: busybox:1.30
- busyboxRepository: docker.io
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
-
#################################################################
# Application configuration defaults.
#################################################################
#repository: mysql
-repository: nexus3.onap.org:10001
image: adfinissygroup/k8s-mariadb-galera-centos:v002
-backupImage: library/mariadb:10.1.38
-imageInit: busybox
pullPolicy: IfNotPresent
# application configuration
## Configure MariaDB-Galera with a custom my.cnf file
## ref: https://mariadb.com/kb/en/mariadb/configuring-mariadb-with-mycnf/#example-of-configuration-file
##
-externalConfig: ""
-# externalConfig: |-
- # [mysqld]
- # innodb_buffer_pool_size=2G
+#externalConfig: ""
+externalConfig: |-
+ [mysqld]
+ lower_case_table_names = 1
#resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: 500m
+ memory: 1.5Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 100m
+ memory: 750Mi
large:
limits:
cpu: 2
dependencies:
- name: common
version: ~6.x-0
- repository: 'file://../common'
\ No newline at end of file
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
\ No newline at end of file
#!/bin/bash
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# make sure the script fails if any of commands failed
set -e
{{/*
# Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- define "mariadbInit.mariadbClusterSecret" -}}
{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
{{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+ {{- if not .Values.secretsUpdated }}
+ {{- $global := . }}
+ {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+ {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+ {{- $newList := append $global.Values.secrets $item }}
+ {{- $_ := set $global.Values "secrets" $newList }}
+ {{- end -}}
+ {{ $_ := set $global.Values "secretsUpdated" true }}
+ {{- end -}}
+{{- end -}}
+{{/*
# Copyright © 2019 Orange
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+{{ if .Values.dbScript }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-dbscript
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ db_cmd.sh: |
+ {{ tpl .Values.dbScript . | indent 4 }}
+{{- end }}
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
+{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
kind: Job
initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
+ - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - bash
- - /db_init/db_init.sh
+ - /bin/sh
+ - -c
+ - |
+ /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} &&
+ /db_config/db_cmd.sh{{ end }}
env:
- name: DB_HOST
- value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
- name: DB_PORT
- value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
- name: {{ printf "MYSQL_USER_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- mountPath: /etc/localtime
readOnly: true
- name: mariadb-conf
mountPath: /db_init/
- readOnly: true
+{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
+ - name: mariadb-init
+ mountPath: /db_config/
+{{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
- - name: mariadb-conf
- configMap:
- name: {{ include "mariadbInit.configMap" . }}
- name: localtime
hostPath:
path: /etc/localtime
+{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
+ - name: mariadb-init
+ configMap:
+{{- if .Values.dbScriptConfigMap }}
+ name: {{ tpl .Values.dbScriptConfigMap . }}
+{{- else -}}
+ name: {{ include "common.fullname" . }}-dbscript
+{{- end }}
+ defaultMode: 0755
+{{- end }}
+ - name: mariadb-conf
+ configMap:
+ name: {{ include "mariadbInit.configMap" . }}
+ defaultMode: 0755
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{- define "mariadb-init._update-secrets" -}}
- {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf " type: basicAuth" }}
- {{- if $dbInfos.externalSecret }}
-{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
- {{- end }}
-{{ printf " login: %s" $dbInfos.user }}
-{{ printf " password: %s" $dbInfos.password }}
-{{ printf " passwordPolicy: required" }}
- {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
content: mariadb-galera
- equal:
path: spec.template.spec.initContainers[0].image
- value: oomk8s/readiness-check:2.0.2
+ value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
- equal:
path: spec.template.spec.initContainers[0].imagePullPolicy
value: IfNotPresent
# Global configuration defaults.
#################################################################
global:
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
mariadbGalera:
nameOverride: mariadb-galera
servicePort: 3306
secrets:
- uid: root-password
type: password
- externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
- password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+ externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+ password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
# Application configuration defaults.
#################################################################
-image: mariadb:10.1.38
pullPolicy: IfNotPresent
+# These two values are used to supply commands that are run after the DB is created.
+# Components using the shared DB can either pass a string which has a set of commands
+# or a config map that contains a shell script. If both are specified only the config
+# map will be executed. For reference, please see the VID components for config map
+dbScript: ""
+dbScriptConfigMap: ""
+
# Set it if you want to change the name of the different components
# nameOverride:
+mariadbGalera: {}
+# serviceName: some-name
+# containerName: some-name
+# servicePort: 3306
+# userRootPassword: some-password
+# userRootSecret: some-secret-name
+# userRootSecretKey: password
+
+
config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-data
mountPath: /var/lib/mongo
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
#################################################################
# Application configuration defaults.
#################################################################
-dockerHubRepository: registry.hub.docker.com
image: library/mongo:4.0.8
pullPolicy: Always
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
ingress:
enabled: false
-resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
sdnctlPrefix: mongo
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --timeout
- "{{ .Values.global.readinessTimeout }}"
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- # Set default to 4 hrs.
+ readinessImage: onap/oom/readiness:3.0.1
+ # Set default to 4 hrs.
# On slow environments dealys this long have been seen.
readinessTimeout: 240
# logging agent
job:
host: music-cassandra
port: 9042
- busybox:
+ busybox:
image: library/busybox:latest
- cassandra:
+ cassandra:
image: onap/music/cassandra_job:3.0.24
timeout: 30
delay: 120
replicationClass: "SimpleStrategy"
replicationFactor: 3
adminUser:
- username: nelson24
- password: nelson24
+ username: nelson24
+ password: nelson24
passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-
+
podManagementPolicy: OrderedReady
updateStrategy:
type: OnDelete
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - {{ .Chart.Name }}
- topologyKey: kubernetes.io/hostname
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
selector:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
repository: nexus3.onap.org:10001
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
#!/bin/bash
+{{/*
#
# ============LICENSE_START==========================================
# org.onap.music
#
# ============LICENSE_END=============================================
# ====================================================================
+*/}}
echo "Running startup script to get password from certman"
PWFILE=/opt/app/aafcertman/.password
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- -j
- "{{ include "common.release" . }}-music-cassandra-job-config"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
-{{ toYaml .Values.resources | indent 12 }}
+{{ include "common.resources" . | indent 12 }}
env:
- name: SPRING_OPTS
value: "{{ .Values.springOpts }}"
+{{/*
# Copyright © 2020 AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
envsubstImage: dibi/envsubst
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# logging agent
loggingRepository: docker.elastic.co
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
release: {{ include "common.release" . }}
spec:
initContainers:
-{{- if .Values.global.mariadbGalera.localCluster }}
- - command:
- - /root/ready.py
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
args:
+{{- if .Values.global.mariadbGalera.localCluster }}
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
{{- else }}
- - command:
- - /root/job_complete.py
- args:
- --job-name
- {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
{{- end }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
command:
# readiness check
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: IfNotPresent
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-apps-ms-neng:0.7.1
+image: onap/ccsdk-apps-ms-neng:1.0.2
pullPolicy: IfNotPresent
# application configuration
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
heritage: {{ $dot.Release.Service }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
- serviceName: {{ $dot.Values.service.name }}
replicas: 1
selector:
matchLabels:
subPath: setup.sql
- mountPath: /config
name: pgconf
- image: "{{ $dot.Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
name: {{ include "common.name" $dot }}-update-config
- |
chown 26:26 /podroot/;
chmod 700 /podroot/;
- image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }}
+ image: {{ include "repositoryGenerator.image.busybox" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" $dot }}-data
mountPath: /podroot/
containers:
- name: {{ include "common.name" $dot }}
- image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}"
+ image: {{ include "repositoryGenerator.image.postgres" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
ports:
- containerPort: {{ $dot.Values.service.internalPort }}
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
- resources:
-{{ include "common.resources" $dot | indent 12 }}
+ resources: {{ include "common.resources" $dot | nindent 12 }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
- # envsusbt
- envsubstImage: dibi/envsubst
#################################################################
# Secrets metaconfig
# Application configuration defaults.
#################################################################
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.11-4.2.1
pullPolicy: Always
# application configuration
ingress:
enabled: false
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
{{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
{{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
- image: "{{ $subchartDot.Values.global.readinessRepository }}/{{ $subchartDot.Values.global.readinessImage }}"
+ image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}"
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
{{- range $container := $containers }}
- --container-name
# limitations under the License.
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.1
+ readinessImage: onap/oom/readiness:3.0.1
pullPolicy: Always
limits:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Wrapper chart to allow docker secret to be shared all instances
+name: repository-wrapper
+version: 6.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: 'file://../repositoryGenerator'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.namespace" . }}-docker-registry-key
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ .dockercfg: {{ include "repositoryGenerator.secret" . }}
+type: kubernetes.io/dockercfg
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global: {}
\ No newline at end of file
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to generate the right repository link
+name: repositoryGenerator
+version: 6.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "repositoryGenerator._repositoryHelper" -}}
+ {{- $dot := default . .dot -}}
+ {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+ {{- $repoName := .repoName }}
+ {{- $overrideName := printf "%s%s" $repoName "Override" }}
+ {{- if (hasKey $dot.Values $overrideName) -}}
+ {{- printf "%s" (first (pluck $overrideName $dot.Values)) -}}
+ {{- else -}}
+ {{- first (pluck $repoName $dot.Values.global $initRoot.global) -}}
+ {{- end }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the common image repository.
+
+ - .Values.global.repository : default image repository for all ONAP images
+ - .Values.repositoryOverride : override global repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.repository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "repository") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the dockerHub image repository.
+
+ - .Values.global.dockerHubRepository : default image dockerHubRepository for all dockerHub images
+ - .Values.dockerHubRepositoryOverride : override global dockerHub repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.dockerHubRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "dockerHubRepository") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the elasticRepository image repository.
+
+ - .Values.global.elasticRepository : default image elasticRepository for all images using elastic repository
+ - .Values.elasticRepositoryOverride : override global elasticRepository repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.elasticRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the name of the googleK8sRepository image repository.
+
+ - .Values.global.googleK8sRepository : default image dockerHubRepository for all dockerHub images
+ - .Values.googleK8sRepositoryOverride : override global dockerHub repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.googleK8sRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image._helper" -}}
+ {{- $dot := default . .dot -}}
+ {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+ {{- $image := .image }}
+ {{- $repoName := first (pluck $image $initRoot.imageRepoMapping) }}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" $repoName ) .) }}/{{- first (pluck $image $dot.Values.global $initRoot.global) -}}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.busybox" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "busyboxImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.curl" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.envsubst" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.htpasswd" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.kubectl" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "kubectlImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.logging" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "loggingImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.mariadb" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mariadbImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.nginx" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.postgres" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }}
+{{- end -}}
+
+{{- define "repositoryGenerator.image.readiness" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
+{{- end -}}
+
+{{/*
+ Resolve the image repository secret token.
+ The value for .Values.global.repositoryCred is used if provided:
+ repositoryCred:
+ user: user
+ password: password
+ mail: email (optional)
+ You can also set the same things for dockerHub, elastic and googleK8s if
+ needed.
+*/}}
+{{- define "repositoryGenerator.secret" -}}
+ {{- $dot := default . .dot -}}
+ {{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
+ {{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+ {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+ {{- $repoCreds := "" }}
+ {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- $repo := $subchartDot.Values.global.repository }}
+ {{- $cred := $subchartDot.Values.global.repositoryCred }}
+ {{- $mail := default "@" $cred.mail }}
+ {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
+ {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }}
+ {{- end }}
+ {{- if $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }}
+ {{- $dhCred := $subchartDot.Values.global.dockerHubRepositoryCred }}
+ {{- $dhMail := default "@" $dhCred.mail }}
+ {{- $dhAuth := printf "%s:%s" $dhCred.user $dhCred.password | b64enc }}
+ {{- $dhRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $dhRepo $dhCred.user $dhCred.password $dhMail $dhAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $dhRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $dhRepoCreds }}
+ {{- end }}
+ {{- end }}
+ {{- if $subchartDot.Values.global.elasticRepositoryCred }}
+ {{- $eRepo := $subchartDot.Values.global.elasticRepository }}
+ {{- $eCred := $subchartDot.Values.global.elasticRepositoryCred }}
+ {{- $eMail := default "@" $eCred.mail }}
+ {{- $eAuth := printf "%s:%s" $eCred.user $eCred.password | b64enc }}
+ {{- $eRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $eRepo $eCred.user $eCred.password $eMail $eAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $eRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $eRepoCreds }}
+ {{- end }}
+ {{- end }}
+ {{- if $subchartDot.Values.global.googleK8sRepositoryCred }}
+ {{- $gcrRepo := $subchartDot.Values.global.googleK8sRepository }}
+ {{- $gcrCred := $subchartDot.Values.global.googleK8sRepositoryCred }}
+ {{- $gcrMail := default "@" $gcrCred.mail }}
+ {{- $gcrAuth := printf "%s:%s" $gcrCred.user $gcrCred.password | b64enc }}
+ {{- $gcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $gcrRepo $gcrCred.user $gcrCred.password $gcrMail $gcrAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $gcrRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }}
+ {{- end }}
+ {{- end }}
+ {{- printf "{%s}" $repoCreds | b64enc -}}
+{{- end -}}
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ # Repositories used
+ repository: nexus3.onap.org:10001
+ dockerHubRepository: docker.io
+ elasticRepository: docker.elastic.co
+ googleK8sRepository: k8s.gcr.io
+
+ # common global images
+ busyboxImage: busybox:1.32
+ curlImage: curlimages/curl:7.69.1
+ envsubstImage: dibi/envsubst:1
+ # there's only latest image for htpasswd
+ htpasswdImage: xmartlabs/htpasswd:latest
+ kubectlImage: bitnami/kubectl:1.19
+ loggingImage: beats/filebeat:5.5.0
+ mariadbImage: mariadb:10.1.48
+ nginxImage: bitnami/nginx:1.18-debian-10
+ postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+ readinessImage: onap/oom/readiness:3.0.1
+
+ # Default credentials
+ # they're optional. If the target repository doesn't need them, comment them
+ repositoryCred:
+ user: docker
+ password: docker
+ # If you want / need authentication on the repositories, please set
+ # Don't set them if the target repo is the same than others
+ # dockerHubCred:
+ # user: myuser
+ # password: mypassord
+ # elasticCred:
+ # user: myuser
+ # password: mypassord
+ # googleK8sCred:
+ # user: myuser
+ # password: mypassord
+
+imageRepoMapping:
+ busyboxImage: dockerHubRepository
+ curlImage: dockerHubRepository
+ envsubstImage: dockerHubRepository
+ htpasswdImage: dockerHubRepository
+ kubectlImage: dockerHubRepository
+ loggingImage: elasticRepository
+ mariadbImage: dockerHubRepository
+ nginxImage: dockerHubRepository
+ postgresImage: dockerHubRepository
+ readinessImage: repository
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
- name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
command: ["/usr/local/bin/docker-entrypoint.sh"]
args:
- "agent"
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
+ repository: nexus3.onap.org:10001
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: docker.io
-image: consul:1.0.6
+image: onap/oom/consul:2.1.0
pullPolicy: Always
# flag to enable debugging - application support required
ingress:
enabled: false
-resources: {}
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 25Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
+
+securityContext:
+ fsGroup: 1000
+ runAsUser: 100
+ runAsGroup: 1000
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.\r
#\r
# Licensed under the Apache License, Version 2.0 (the "License");\r
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
# See the License for the specific language governing permissions and\r
# limitations under the License.\r
+*/}}
\r
# Model Loader Distribution Client Configuration\r
ml.distribution.ACTIVE_SERVER_TLS_AUTH=false\r
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if curl -s -X PUT http://aai-elasticsearch:9200/searchhealth/stats/testwrite -d @/consul/scripts/aai-search-storage-write-doc.txt | grep '\"created\":true'; then
if curl -s -X DELETE http://aai-elasticsearch:9200/searchhealth/stats/testwrite | grep '\"failed\":0'; then
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
APPC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "appc-dbhost-[^[:space:]]*")
if [ -n "$APPC_DBHOST_POD" ]; then
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-clampdb[^[:space:]]*")
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-data-router[^[:space:]]*")
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-model-loader[^[:space:]]*")
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
kafkapod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-kafka-[^[:space:]]*")
if [ -n "$kafkapod" ]; then
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
zkpod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-zookeeper-[^[:space:]]*")
if [ -n "$zkpod" ]; then
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-policydb[^[:space:]]*")
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
# Modifications Copyright © 2018 AT&T
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# query ODL cluster state
USERNAME="{{.Values.odl.jolokia.username}}"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
SDNC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "sdnc-dbhost-[^[:space:]]*")
if [ -n "$SDNC_DBHOST_POD" ]; then
#!/bin/sh
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
SEARCH_SERVICE_NAME="search-data-service.{{ include "common.namespace" . }}"
SEARCH_SERVICE_PORT=9509
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://so:8080/ecomp/mso/infra/healthcheck"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://so:8080/mso/healthcheck"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
## Query the health check API.
HEALTH_CHECK_ENDPOINT="http://so:8080/networks/rest/healthcheck"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-so-db[^[:space:]]*")
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-sparky-be[^[:space:]]*")
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-vid-mariadb[^[:space:]]*")
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC Portal",
- "checks": [
- {
- "id": "sdnc-portal",
- "name": "SDNC Portal Health Check",
- "http": "http://sdnc-portal:8843/login",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
command:
- - /bin/sh
- - "-c"
+ - sh
+ args:
+ - -c
- |
- apk update && apk add jq
- cp /tmp/consul/config/* /consul/config
- /usr/local/bin/docker-entrypoint.sh agent -client 0.0.0.0 -enable-script-checks -retry-join {{ .Values.consulServer.nameOverride }}
+ cp -r -L /tmp/consul/config/* /consul/config/
+ chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config
+ ls -la /consul/config
+ volumeMounts:
+ - mountPath: /tmp/consul/config
+ name: consul-agent-config
+ - mountPath: /consul/config
+ name: consul-agent-config-dir
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - agent
+ - -client
+ - 0.0.0.0
+ - -enable-script-checks
+ - -retry-join
+ - {{ .Values.consulServer.nameOverride }}
name: {{ include "common.name" . }}
env:
- name: SDNC_ODL_COUNT
- name: SDNC_IS_PRIMARY_CLUSTER
value: "{{ .Values.sdnc.config.isPrimaryCluster }}"
volumeMounts:
- - mountPath: /tmp/consul/config
- name: consul-agent-config
+ - mountPath: /consul/config
+ name: consul-agent-config-dir
- mountPath: /consul/scripts
name: consul-agent-scripts-config
- mountPath: /consul/certs
name: consul-agent-certs-config
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
+ - name: consul-agent-config-dir
+ emptyDir: {}
- configMap:
name: {{ include "common.fullname" . }}-configmap
name: consul-agent-config
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: docker.io
-image: oomk8s/consul:1.0.0
+image: onap/oom/consul:2.1.0
pullPolicy: Always
#subchart name
consulServer:
nameOverride: consul-server
+consulUID: 100
+consulGID: 1000
+
# flag to enable debugging - application support required
debugEnabled: false
port: 8800
config:
ssl: "none"
-
-resources: {}
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1500Mi
+ requests:
+ cpu: 650m
+ memory: 530Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
odl:
jolokia:
config:
isPrimaryCluster: true
replicaCount: 1
+
+securityContext:
+ fsGroup: 1000
+ runAsUser: 100
+ runAsGroup: 1000
--- /dev/null
+components/
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core
make-contrib-awx:
- cd components && helm dep up awx && helm lint awx
+ cd components && $(HELM_BIN) dep up awx && $(HELM_BIN) lint awx
make-contrib-ejbca:
- cd components && helm dep up ejbca && helm lint ejbca
+ cd components && $(HELM_BIN) dep up ejbca && $(HELM_BIN) lint ejbca
make-contrib-netbox:
- cd components && helm dep up netbox && helm lint netbox
+ cd components && $(HELM_BIN) dep up netbox && $(HELM_BIN) lint netbox
make-contrib-core:
- helm dep up . && helm lint .
+ $(HELM_BIN) dep up . && $(HELM_BIN) lint .
clean:
@find . -type f -name '*.tgz' -delete
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-awx:
- cd charts && helm dep up awx-postgres
+ cd charts && $(HELM_BIN) dep up awx-postgres
+{{/*
# Copyright © 2019 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
DATABASES = {
'default': {
+{{/*
# Copyright © 2019 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
DATABASE_USER={{ .Values.config.postgresUser }}
DATABASE_NAME={{ .Values.config.postgresDB }}
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- awx-postgres
name: {{ include "common.fullname" . }}-rabbitmq
name: rabbitmq-config
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}-mgnt
name: {{ include "common.fullname" . }}-rabbitmq
name: rabbitmq-config
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
# Global configuration defaults.
#################################################################
global:
+ readinessRepository: nexus3.onap.org:10001
nodePortPrefixExt: 304
commonConfigPrefix: awx
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>46.0</float>
+ </void>
+ <void method="put">
+ <string>type</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>certversion</string>
+ <string>X509v3</string>
+ </void>
+ <void method="put">
+ <string>encodedvalidity</string>
+ <string>2y</string>
+ </void>
+ <void method="put">
+ <string>usecertificatevalidityoffset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatevalidityoffset</string>
+ <string>-10m</string>
+ </void>
+ <void method="put">
+ <string>useexpirationrestrictionforweekdays</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionforweekdaysbefore</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>expirationrestrictionweekdays</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowvalidityoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowextensionoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowdnoverridebyeei</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>allowbackdatedrevokation</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatestorage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storecertificatedata</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>storesubjectaltname</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usebasicconstrants</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>basicconstraintscritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectkeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectkeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthoritykeyidentifier</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>authoritykeyidentifiercritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectalternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>subjectalternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useissueralternativename</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>issueralternativenamecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultcrldistributionpoint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>crldistributionpointuri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usefreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecadefinedfreshestcrl</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>freshestcrluri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>crlissuer</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecertificatepolicies</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepoliciescritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>certificatepolicies</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablekeyalgorithms</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>DSA</string>
+ </void>
+ <void method="add">
+ <string>ECDSA</string>
+ </void>
+ <void method="add">
+ <string>RSA</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availableeccurves</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>ANY_EC_CURVE</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>availablebitlengths</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>192</int>
+ </void>
+ <void method="add">
+ <int>224</int>
+ </void>
+ <void method="add">
+ <int>239</int>
+ </void>
+ <void method="add">
+ <int>256</int>
+ </void>
+ <void method="add">
+ <int>384</int>
+ </void>
+ <void method="add">
+ <int>512</int>
+ </void>
+ <void method="add">
+ <int>521</int>
+ </void>
+ <void method="add">
+ <int>1024</int>
+ </void>
+ <void method="add">
+ <int>1536</int>
+ </void>
+ <void method="add">
+ <int>2048</int>
+ </void>
+ <void method="add">
+ <int>3072</int>
+ </void>
+ <void method="add">
+ <int>4096</int>
+ </void>
+ <void method="add">
+ <int>6144</int>
+ </void>
+ <void method="add">
+ <int>8192</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>minimumavailablebitlength</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>maximumavailablebitlength</string>
+ <int>8192</int>
+ </void>
+ <void method="put">
+ <string>signaturealgorithm</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usekeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>keyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>true</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ <void method="add">
+ <boolean>false</boolean>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>allowkeyusageoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>keyusagecritical</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>useextendedkeyusage</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>extendedkeyusage</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.2</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.4</string>
+ </void>
+ <void method="add">
+ <string>1.3.6.1.5.5.7.3.1</string>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>extendedkeyusagecritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedocumenttypelist</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelistcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>documenttypelist</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>availablecas</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>usedpublishers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>useocspnocheck</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useldapdnorder</string>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorder</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usemicrosofttemplate</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>microsofttemplate</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usecardnumber</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecnpostfix</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>cnpostfix</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>usesubjectdnsubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectdnsubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usesubjectaltnamesubset</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>subjectaltnamesubset</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usepathlengthconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>pathlengthconstraint</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqcstatement</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usepkixqcsyntaxv2</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementcritical</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcstatementraname</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcsematicsid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiqccompliance</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsisignaturedevice</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useqcetsivaluelimit</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimit</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitexp</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>qcetsivaluelimitcurrency</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>useqcetsiretentionperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qcetsiretentionperiod</string>
+ <int>0</int>
+ </void>
+ <void method="put">
+ <string>useqccustomstring</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>qccustomstringoid</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qccustomstringtext</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>qcetsipds</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>qcetsitype</string>
+ <null/>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyincerts</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinocsp</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecertificatetransparencyinpublisher</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usesubjectdirattributes</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usenameconstraints</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useauthorityinformationaccess</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>caissuers</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>usedefaultcaissuer</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usedefaultocspservicelocator</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>ocspservicelocatoruri</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>cvcaccessrights</string>
+ <int>3</int>
+ </void>
+ <void method="put">
+ <string>usedcertificateextensions</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <string>approvals</string>
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>REVOCATION</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>KEYRECOVER</string>
+ </object>
+ <int>-1</int>
+ </void>
+ <void method="put">
+ <object class="java.lang.Enum" method="valueOf">
+ <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
+ <string>ADDEDITENDENTITY</string>
+ </object>
+ <int>-1</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotbefore</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiod</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>useprivkeyusageperiodnotafter</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodstartoffset</string>
+ <long>0</long>
+ </void>
+ <void method="put">
+ <string>privkeyusageperiodlength</string>
+ <long>63072000</long>
+ </void>
+ <void method="put">
+ <string>usesingleactivecertificateconstraint</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>overridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>nonoverridableextensionoids</string>
+ <object class="java.util.LinkedHashSet"/>
+ </void>
+ <void method="put">
+ <string>allowcertsnoverride</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>usecustomdnorderldap</string>
+ <boolean>false</boolean>
+ </void>
+ </object>
+</java>
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
+ ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
+ #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
+ ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
+ #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
+ ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<java version="1.8.0_242" class="java.beans.XMLDecoder">
+ <object class="java.util.LinkedHashMap">
+ <void method="put">
+ <string>version</string>
+ <float>14.0</float>
+ </void>
+ <void method="put">
+ <string>NUMBERARRAY</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>3</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>1</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ <void method="add">
+ <int>0</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDNFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>500</int>
+ </void>
+ <void method="add">
+ <int>1100</int>
+ </void>
+ <void method="add">
+ <int>1200</int>
+ </void>
+ <void method="add">
+ <int>1300</int>
+ </void>
+ <void method="add">
+ <int>1400</int>
+ </void>
+ <void method="add">
+ <int>1600</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTALTNAMEFIELDORDER</string>
+ <object class="java.util.ArrayList">
+ <void method="add">
+ <int>1800</int>
+ </void>
+ <void method="add">
+ <int>1801</int>
+ </void>
+ <void method="add">
+ <int>1802</int>
+ </void>
+ </object>
+ </void>
+ <void method="put">
+ <string>SUBJECTDIRATTRFIELDORDER</string>
+ <object class="java.util.ArrayList"/>
+ </void>
+ <void method="put">
+ <int>0</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30000</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>1</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30001</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>95</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20095</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30095</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>96</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20096</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30096</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>5</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30005</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>26</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20026</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30026</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>29</int>
+ <string>1834889499</string>
+ </void>
+ <void method="put">
+ <int>20029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30029</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30</int>
+ <string>1834889499</string>
+ </void>
+ <void method="put">
+ <int>20030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30030</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>31</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30031</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>32</int>
+ <string>1;2;3;4</string>
+ </void>
+ <void method="put">
+ <int>20032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30032</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>33</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30033</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>34</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10034</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30034</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>38</int>
+ <string>1</string>
+ </void>
+ <void method="put">
+ <int>20038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30038</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>37</int>
+ <string>-1501801709</string>
+ </void>
+ <void method="put">
+ <int>20037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30037</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>98</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10098</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30098</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>99</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10099</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30099</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>97</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10097</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30097</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>91</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10091</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30091</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>94</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20094</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30094</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>93</int>
+ <string>-1</string>
+ </void>
+ <void method="put">
+ <int>20093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30093</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>89</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10089</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30089</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>88</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10088</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30088</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <string>ALLOW_MERGEDN_WEBSERVICES</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>2</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10002</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10090</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>90</int>
+ <string>0</string>
+ </void>
+ <void method="put">
+ <string>REVERSEFFIELDCHECKS</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>28</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10028</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>REUSECERTIFICATE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>35</int>
+ <string>false</string>
+ </void>
+ <void method="put">
+ <int>20035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10035</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10092</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>USEEXTENSIONDATA</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGUSE</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGDEFAULT</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGREQUIRED</string>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <string>PRINTINGCOPIES</string>
+ <int>1</int>
+ </void>
+ <void method="put">
+ <string>PRINTINGPRINTERNAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGDATA</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <string>PRINTINGSVGFILENAME</string>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>11</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20011</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30011</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>12</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30012</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>13</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20013</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30013</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>14</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30014</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>16</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>10016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30016</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>18</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20018</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30018</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>118</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20118</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30118</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>218</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20218</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10218</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30218</int>
+ <boolean>true</boolean>
+ </void>
+ </object>
+</java>
+{{/*
# Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
name: "{{ include "common.fullname" . }}-config-script"
data:
{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ include "common.fullname" . }}-profiles"
+data:
+{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
initContainers:
- name: {{ include "common.name" . }}-db-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
{{- if .Values.global.mariadbGalera.localCluster }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}-ejbca
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
+ - name: "{{ include "common.fullname" . }}-profiles-volume"
+ mountPath: /opt/primekey/custom_profiles/
ports: {{ include "common.containerPorts" . | nindent 10 }}
env:
- name: INITIAL_ADMIN
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- configMap:
name: "{{ include "common.fullname" . }}-config-script"
defaultMode: 0755
name: "{{ include "common.fullname" . }}-volume"
+ - configMap:
+ name: "{{ include "common.fullname" . }}-profiles"
+ defaultMode: 0755
+ name: "{{ include "common.fullname" . }}-profiles-volume"
+{{/*
# Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2020, Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.1
- mariadbGalera: &mariadbGalera
+ readinessImage: onap/oom/readiness:3.0.1
+ mariadbGalera: &mariadbGalera
#This flag allows EJBCA to instantiate its own mariadb-galera cluster
localCluster: false
service: mariadb-galera
password: '{{ .Values.config.ejbca.clientIak }}'
# application configuration
+repository: nexus3.onap.org:10001
config:
db:
userName: ejbca
port: 8443
plain_port: 8080
port_protocol: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1500m
+ memory: 1536Mi
+ requests:
+ cpu: 10m
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 20m
+ memory: 1Gi
+ unlimited: {}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-netbox:
- cd charts && helm dep up netbox-postgres && helm dep up netbox-nginx && helm dep up netbox-app
+ cd charts && $(HELM_BIN) dep up netbox-postgres && $(HELM_BIN) dep up netbox-nginx && $(HELM_BIN) dep up netbox-app
+{{/*
# Copyright © 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: batch/v1
kind: Job
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- netbox-app
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
{{- else -}}
- - port: {{ .Values.service.externalPort }}
+ - port: {{ .Values.service.internalPort }}
targetPort: {{ .Values.service.internalPort }}
{{- end}}
selector:
staticPvName: netbox-static
service:
- type: NodePort
+ type: ClusterIP
name: netbox-nginx
portName: netbox-nginx
internalPort: 8080
# Global configuration defaults.
#################################################################
global:
+ readinessRepository: nexus3.onap.org:10001
nodePortPrefixExt: 304
commonConfigPrefix: netbox
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
--- /dev/null
+#!/bin/bash
+
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+BASE_URL="https://nexus3.onap.org/repository/docker.release"
+
+if [ "$GERRIT_BRANCH" == "staging" ]; then
+ exit 0
+fi
+
+USED_IMAGES=$(grep -r -E -o -h ':\s*onap/.*:.*' | sed -e 's/^: //' -e 's/^ //' | sort | uniq)
+REPO_IMAGES=$(curl -s $BASE_URL/v2/_catalog | jq -r '.repositories[]')
+NOT_AVAILABLE_IMAGES=$(echo "$USED_IMAGES" | grep -vE "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+USED_IMAGES=$(echo "$USED_IMAGES" | grep -E "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+for i in $USED_IMAGES; do
+ TMP_IMG=$(echo "$i" | cut -d ":" -f1)
+ TMP_TAG=$(echo "$i" | cut -d ":" -f2)
+ if [ "$LAST_IMG" != "$TMP_IMG" ]; then
+ AVAILABLE_TAGS=$(curl -s $BASE_URL/v2/$TMP_IMG/tags/list | jq -r '.tags[]')
+ fi
+ if ! echo "$AVAILABLE_TAGS" | grep "$TMP_TAG" > /dev/null; then
+ NOT_AVAILABLE_IMAGES="$NOT_AVAILABLE_IMAGES\n$i"
+ fi
+ LAST_IMG="$TMP_IMG"
+ printf "."
+done
+printf "\n"
+if [ -n "$NOT_AVAILABLE_IMAGES" ]; then
+ echo "[ERROR] Only release images are allowed in helm charts."
+ echo "[ERROR] Images not found in release repo:"
+ echo -e "$NOT_AVAILABLE_IMAGES"
+ exit 1
+fi
+exit 0
\ No newline at end of file
.project
.idea/
*.tmproj
+components/
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
+HELM_BIN := helm
+
+make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
make-dcae-bootstrap:
- cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap
+ cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap
make-dcae-cloudify-manager:
- cd components && helm dep up dcae-cloudify-manager && helm lint dcae-cloudify-manager
+ cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager
make-dcae-config-binding-service:
- cd components && helm dep up dcae-config-binding-service && helm lint dcae-config-binding-service
+ cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service
make-dcae-healthcheck:
- cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck
-
-make-dcae-redis:
- cd components && helm dep up dcae-redis && helm lint dcae-redis
+ cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck
make-dcae-servicechange-handler:
- cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler
+ cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler
make-dcae-inventory-api:
- cd components && helm dep up dcae-inventory-api && helm lint dcae-inventory-api
+ cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api
make-dcae-deployment-handler:
- cd components && helm dep up dcae-deployment-handler && helm lint dcae-deployment-handler
+ cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler
make-dcae-policy-handler:
- cd components && helm dep up dcae-policy-handler && helm lint dcae-policy-handler
+ cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler
make-dcae-dashboard:
- cd components && helm dep up dcae-dashboard && helm lint dcae-dashboard
+ cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard
clean:
@find . -type f -name '*.tgz' -delete
- name: cmpv2Config
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
"username": "notused",
"password": "doesnotmatter",
"owner": "dcaecm"
- }
+ }
}
\ No newline at end of file
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{
- "namespace" : "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}",
- "consul_dns_name" : "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}",
- "default_k8s_location" : "{{ .Values.default_k8s_location }}",
- "image_pull_secrets" : ["{{ include "common.namespace" . }}-docker-registry-key"],
- "filebeat":
- {
- "log_path": "/var/log/onap",
- "data_path": "/usr/share/filebeat/data",
- "config_path": "/usr/share/filebeat/filebeat.yml",
- "config_subpath": "filebeat.yml",
- "image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}",
- "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap"
- },
- "tls":
- {
- "cert_path": "/opt/app/osaaf",
- "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
- "component_cert_dir": "/opt/dcae/cacert",
- "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
- "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
- },
- "external_cert":
- {
- "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}",
- "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}",
- "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}",
- "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}",
- "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}",
- "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}",
- "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
- "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}",
- "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}",
- "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}"
- }
-}
+ "namespace": "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}",
+ "consul_dns_name": "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}",
+ "default_k8s_location": "{{ .Values.default_k8s_location }}",
+ "image_pull_secrets": [
+ "{{ include "common.namespace" . }}-docker-registry-key"
+ ],
+ "filebeat": {
+ "log_path": "/var/log/onap",
+ "data_path": "/usr/share/filebeat/data",
+ "config_path": "/usr/share/filebeat/filebeat.yml",
+ "config_subpath": "filebeat.yml",
+ "image": "{{ include "repositoryGenerator.image.logging" . }}",
+ "config_map": "{{ include "common.release" . }}-dcae-filebeat-configmap"
+ },
+ "tls": {
+ "cert_path": "/opt/app/osaaf",
+ "image": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}",
+ "component_cert_dir": "/opt/dcae/cacert",
+ "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
+ "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
+ },
+ "external_cert": {
+ "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
+ "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
+ "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
+ "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}",
+ "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}",
+ "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
+ "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
+ "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+ "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
+ "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
+ "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+ },
+ "truststore_merger": {
+ "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
+ }
+}
\ No newline at end of file
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.datafile_collector }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.datafile_collector }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }}
{{ end }}
host_port: {{ .Values.config.address.datafile_collector.port }}
host_port_secure: {{ .Values.config.address.datafile_collector.portSecure }}
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{
{{ if .Values.componentImages.holmes_engine }}
- "he_image" : '{{ include "common.repository" . }}/{{ .Values.componentImages.holmes_engine }}',
+ "he_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_engine }}',
{{ end }}
"msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
"dcae_CL_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.DCAE_CL_OUTPUT",
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{
{{ if .Values.componentImages.holmes_rules }}
- "hr_image" : '{{ include "common.repository" . }}/{{ .Values.componentImages.holmes_rules }}',
+ "hr_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_rules }}',
{{ end }}
"msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
+{{/*
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.hv_ves }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.hv_ves }}
{{ end }}
use_tls: true
-security_ssl_disable: false
\ No newline at end of file
+security_ssl_disable: false
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-hv-ves-collector"
+external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
+{{/*
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}
k8s_initial_password: $PG_ROOT_PASSWORD
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.prh }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.prh }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.prh }}
{{ end }}
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.snmptrap }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.snmptrap }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.snmptrap }}
{{ end }}
external_port: {{ .Values.config.address.snmptrap.port }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.tca }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }}
-{{ end }}
-dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }}
-consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }}
-cbs_host: config-binding-service
-enableRedisCaching: {{ .Values.config.redisCaching }}
-{{ if .Values.config.redisHosts }}
-redisHosts: {{ .Values.config.redisHosts }}
-{{ end }}
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.tcagen2 }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.tcagen2 }}
{{ end }}
tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
-tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/"
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2020 Nokia. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.ves }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.ves }}
{{ end }}
external_port: 0
external_port_tls: {{ .Values.config.address.ves.portSecure }}
auth_method: "certBasicAuth"
-component_name: "dcae-ves-collector"
-dns_component_name: "dcae-ves-collector"
+service_component_type: "dcae-ves-collector"
+service_id: "dcae-ves-collector"
+service_component_name_override: "dcae-ves-collector"
enable_tls: true
ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-ves-collector"
+external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
+{{/*
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.componentImages.ves }}
-tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
+tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.ves }}
{{ end }}
external_port_tls: 0
external_port: {{ .Values.config.address.ves.port }}
auth_method: "noAuth"
-component_name: "dcae-ves-collector-http"
-dns_component_name: "dcae-ves-collector-http"
+service_component_type: "dcae-http-ves-collector"
+service_id: "dcae-http-ves-collector-http"
+service_component_name_override: "dcae-http-ves-collector"
ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
name: {{ include "common.fullname" . }}-dcae-inputs-input
- mountPath: /config
name: {{ include "common.fullname" . }}-dcae-inputs
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
fieldPath: status.podIP
- name: aaf_locator_fqdn
value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
- image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- --service
resources: {}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: CMADDR
value: {{ .Values.config.address.cm.host }}
- name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}}
- name: CMPROTO
value: {{ .Values.config.address.cm.proto }}
- name: CMPORT
+{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.name" . }}-cmpass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- password: YWRtaW4=
----
{{ include "common.secretFast" . }}
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- envsubstImage: dibi/envsubst
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
secrets:
- uid: pg-root-pass
externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
config:
logstashServiceName: log-ls
ves:
port: 30235
portSecure: 30417
- # redisCaching is a string not a boolean!
- redisCaching: "false"
# postgres values--overriding defaults in the postgres subchart
postgres:
disableNfsProvisioner: true
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- holmes_rules: onap/holmes/rule-management:1.2.7
- holmes_engine: onap/holmes/engine-management:1.2.6
- tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.1
+ holmes_rules: onap/holmes/rule-management:1.2.9
+ holmes_engine: onap/holmes/engine-management:1.2.9
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
# Resource Limit flavor -By Default using small
flavor: small
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
[consul]
address={{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
- "dcae-cloudify-manager"
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- aaf-cm
apiVersion: v1
fieldPath: metadata.namespace
- name: {{ include "common.name" . }}-multisite-init
- image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.multisiteInitImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- --namespace
- {{ include "common.namespace" . }}
- --configmap
- {{ .Values.multisiteConfigMapName }}
- restartPolicy: Never
- name: init-tls
env:
- name: POD_IP
fieldPath: status.podIP
- name: aaf_locator_fqdn
value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
name: tls-info
{{- if .Values.persistence.enabled }}
- name: remove-lost-found
- image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /cfy-persist
{{- end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: REQUESTS_CA_BUNDLE
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
- /scripts/readiness-check.sh
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- mountPath: /opt/onap/config.txt
subPath: config.txt
name: cm-persistent
- mountPath: /opt/onap/certs
name: tls-info
+ - mountPath: /opt/onap/cm-secrets
+ name: cm-secrets
+ readOnly: true
securityContext:
privileged: True
volumes:
{{- end }}
- emptyDir: {}
name: tls-info
+ - name: cm-secrets
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: batch/v1
kind: Job
metadata:
restartPolicy: Never
containers:
- name: dcae-cleanup
- image: {{ include "common.repository" . }}/{{ .Values.cleanupImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-
+*/}}
{{ if .Values.dcae_ns}}
# Create the namespace
apiVersion: v1
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
{{- if eq "True" (include "common.needPV" .) }}
+{{/*
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ if .Values.dcae_ns}}
apiVersion: v1
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
- .dockercfg: {{ include "common.repository.secret" . }}
+ .dockercfg: {{ include "repositoryGenerator.secret" . }}
type: kubernetes.io/dockercfg
---
{{ end }}
annotations:
kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
+---
+{{ include "common.secretFast" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
+
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
# liveness not desirable for Cloudify Manager container
readiness:
initialDelaySeconds: 60
- periodSeconds: 10
+ # In some environments we see CM coming up
+ # properly but readiness probe timing out.
+ # Increasing the timeout and adjusting the
+ # period so it's longer than the timeout.
+ # (DCAEGEN2-2465)
+ periodSeconds: 30
+ timeoutSeconds: 10
service:
type: ClusterIP
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+# Due to memory issues in ONAP integration environment,
+# we've increased the memory amounts for both flavors.
resources:
small:
limits:
cpu: 2
- memory: 2Gi
+ memory: 4Gi
requests:
cpu: 1
- memory: 1Gi
+ memory: 2Gi
large:
limits:
cpu: 4
- memory: 4Gi
+ memory: 8Gi
requests:
cpu: 2
- memory: 2Gi
+ memory: 4Gi
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- consul-server
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
containers:
{{- if .Values.service.secure.enabled }}
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
port: {{ .Values.service.secure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTPS"
- name: HTTPS_KEY_PATH
value: "/opt/tls/key.pem"
- name: {{ include "common.name" . }}-fb-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-fb-conf
{{ end }}
{{- if .Values.service.insecure.enabled }}
- name: {{ include "common.name" . }}-insecure
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
port: {{ .Values.service.insecure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
+ {{ end }}
readinessProbe:
httpGet:
scheme: "HTTP"
- name: CONSUL_HOST
value: consul.{{ include "common.namespace" . }}
- name: {{ include "common.name" . }}-fb-onap-i
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-fb-conf
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- repositoryCred:
- user: docker
- password: docker
config:
logstashServiceName: log-ls
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
pullPolicy: Always
# probe configuration parameters
- name: postgres
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
fieldPath: status.podIP
- name: aaf_locator_fqdn
value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
name: tls-info
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- - mountPath: /usr/local/share/ca-certificates/
+ - mountPath: /opt/app/osaaf/
name: tls-info
- mountPath: /opt/logs/dcae/dashboard
name: component-log
- name: postgres_port
value: "{{ .Values.postgres.config.pgPort }}"
- name: cloudify_password
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: dhandler_url
value: {{ .Values.config.dhandler_url }}
- name: cfy_url
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
{{/*
# Copyright © 2020 Samsung Electronics
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
+
{{ include "common.secretFast" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
secrets:
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
dhandler_url: https://deployment-handler:8443
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0
pullPolicy: Always
# probe configuration parameters
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
--- /dev/null
+{
+ "appenders": {
+ "out": {"type": "stdout"},
+ "audit": {
+ "type": "file",
+ "filename": "log/audit.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "metrics": {
+ "type": "file",
+ "filename": "log/metrics.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "error": {"type": "stdout"},
+ "debug": {"type": "stdout"}
+ },
+ "categories": {
+ "default": {"appenders": ["out"], "level": "debug"},
+ "audit": {"appenders": ["audit"], "level": "info"},
+ "metrics": {"appenders": ["metrics"], "level": "info"},
+ "error": {"appenders": ["error"], "level": "error"},
+ "debug": {"appenders": ["debug"], "level": "debug"}
+ }
+}
\ No newline at end of file
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{include "common.fullname" . }}-filebeat-configmap
namespace: {{include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{include "common.fullname" . }}-log4js-configmap
+ namespace: {{include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log4js/*").AsConfig . | indent 2 }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-cloudify-manager
fieldPath: status.podIP
- name: aaf_locator_fqdn
value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
- image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- --service
name: dh-config
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
name: component-log
- mountPath: /opt/app/dh/etc/cert/
name: tls-info
+ - mountPath: /opt/app/dh/etc/
+ name: log4js-conf
env:
- name: CONSUL_HOST
value: consul-server.{{ include "common.namespace" . }}
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: NODE_EXTRA_CA_CERTS
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
defaultMode: 422
name: {{ include "common.fullname" . }}-configmap
name: dh-config
+ - configMap:
+ defaultMode: 420
+ name: {{include "common.fullname" . }}-log4js-configmap
+ name: log4js-conf
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
- repositoryCred:
- user: docker
- password: docker
+
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1
pullPolicy: Always
# probe configuration parameters
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
#=================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
service:
name: dcae-healthcheck
initialDelaySeconds: 10
periodSeconds: 10
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
# Resource Limit flavor -By Default using small
flavor: small
- name: postgres
version: ~6.x-0
repository: '@local'
- alias: postgres
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
name: {{ include "common.fullname" . }}-inv-config-input
- mountPath: /config
name: {{ include "common.fullname" . }}-inv-config
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
name: tls-info
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Assumes that the Docker image is built with ENTRYPOINT set to
# ["java", "-jar", "/opt/inventory-api-x.y.z.jar", "server"]
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- envsubstImage: dibi/envsubst
- repositoryCred:
- user: docker
- password: docker
secrets:
- uid: pg-user-creds
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1
pullPolicy: Always
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcae-deployment-handler
- --container-name
- consul-server
- --container-name
- - pdp
+ - policy-xacml-pdp
- "-t"
- "45"
env:
fieldPath: status.podIP
- name: aaf_locator_fqdn
value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
- image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- --key
name: ph-config
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: CLOUDIFY_USER
value: admin
- name: CLOUDIFY_PASSWORD
- value: admin
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
- name: CONFIG_BINDING_SERVICE
value: config-binding-service
- name: POD_IP
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: IfNotPresent
resources: {}
volumeMounts:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
- repositoryCred:
- user: docker
- password: docker
+
+secrets:
+ - uid: 'cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+ policy: required
config:
+ cloudifyManagerPassword: "override me"
logstashServiceName: log-ls
logstashPort: 5044
# Addresses of other ONAP entities
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
pullPolicy: Always
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE Redis
-name: dcae-redis
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-#!/bin/bash
-# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then
- echo "delay by 10 seconds for redis server starting"
- sleep 10
-
- NODES=""
- echo "====> wait for all {{.Values.replicaCount}} redis pods up"
- while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ]
- do
- echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up"
- sleep 5
- RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}})
-
- IPS=$(echo $RESP | jq -r '.items[].status.podIP')
- IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g')
- echo "======> IPs: ["$IPS2"]"
- NODES=""
- for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done
- echo "======> nodes: ["$NODES"]"
- done
- echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo
- sleep 10
-
- echo "====> Configure the cluster"
-
- # $NODES w/o quotes
- echo "======> nodes: [$(echo $NODES |paste -s)]"
- redis-trib create --replicas 1 $(echo $NODES |paste -s)
-fi ) &
-
-redis-server /conf/redis.conf
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-data:
- redis.conf: |+
- cluster-enabled yes
- cluster-require-full-coverage no
- cluster-node-timeout 15000
- cluster-config-file /data/nodes.conf
- cluster-migration-barrier 1
- appendonly yes
- protected-mode no
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- /opt/scripts/redis-cluster-config.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "redis-cli -h $(hostname) ping"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /conf
- name: {{ include "common.fullname" . }}-config
- - mountPath: /data
- name: {{ include "common.fullname" . }}-data
- - mountPath: /opt/scripts
- name: {{ include "common.fullname" . }}-scripts
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: redis.conf
- path: redis.conf
- - name: {{ include "common.fullname" . }}-scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote}}
- {{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: dcae-redis
- portName: client
- externalPort: 6379
- internalPort: 6379
- portName2: gossip
- externalPort2: 16379
- internalPort2: 16379
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: redis/data
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaeredis"
- name: "dcae-redis"
- port: 6379
- - baseaddr: "dcaeredisgossip"
- name: "dcae-redis"
- port: 16379
- config:
- ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "dcae-inventory-api"
- --container-name
- "message-router"
- --container-name
- - "sdc-dcae-be"
+ - "sdc-be"
- "-t"
- "45"
env:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
name: tls-info
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- repositoryCred:
- user: docker
- password: docker
config:
logstashServiceName: log-ls
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2
+image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0
pullPolicy: Always
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae"
+# dcae_ns: "dcae"
\ No newline at end of file
version: ~6.x-0
repository: 'file://components/dcae-healthcheck'
condition: dcae-healthcheck.enabled
- - name: dcae-redis
- version: ~6.x-0
- repository: 'file://components/dcae-redis'
- condition: dcae-redis.enabled
- name: dcae-servicechange-handler
version: ~6.x-0
repository: 'file://components/dcae-servicechange-handler'
[
{{- $ctx := . }}
-{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }}
+{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }}
{{- range $i, $v := $components }}
{{- if index $ctx.Values . "enabled" }}
{{- if $i }},{{ end }}
{{ $v | quote | indent 2 }}
{{- end -}}
{{- end }}
-]
\ No newline at end of file
+]
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: ConfigMap
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- tlsRepository: nexus3.onap.org:10001
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
- busyboxRepository: docker.io
- busyboxImage: library/busybox:1.30
-redis:
- replicaCount: 6
-# Enable all DCAE components except redis by default
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.cloudifyManagerPassword }}'
+
+config: {}
+
+# To work around DCAEGEN2-2450, set password strength to "basic"
+# to ensure password contains only alphanumerics
+passwordStrengthOverride: basic
+
+# Enable all DCAE components by default
dcae-bootstrap:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-cloudify-manager:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-config-binding-service:
enabled: true
dcae-dashboard:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-deployment-handler:
enabled: true
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-healthcheck:
enabled: true
dcae-inventory-api:
enabled: true
dcae-policy-handler:
enabled: true
-dcae-redis:
- enabled: false
+ config:
+ cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-servicechange-handler:
- enabled: true
\ No newline at end of file
+ enabled: true
.project
.idea/
*.tmproj
+components/
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
+
make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry make-dcaemod-healthcheck
make-dcaemod-distributor-api:
- cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor
+ cd components && $(HELM_BIN) dep up dcaemod-genprocessor && $(HELM_BIN) lint dcaemod-genprocessor
make-dcaemod-genprocessor:
- cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api
+ cd components && $(HELM_BIN) dep up dcaemod-distributor-api && $(HELM_BIN) lint dcaemod-distributor-api
make-dcaemod-designtool:
- cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool
+ cd components && $(HELM_BIN) dep up dcaemod-designtool && $(HELM_BIN) lint dcaemod-designtool
make-dcaemod-onboarding-api:
- cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api
+ cd components && $(HELM_BIN) dep up dcaemod-onboarding-api && $(HELM_BIN) lint dcaemod-onboarding-api
make-dcaemod-runtime-api:
- cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api
+ cd components && $(HELM_BIN) dep up dcaemod-runtime-api && $(HELM_BIN) lint dcaemod-runtime-api
make-dcaemod-nifi-registry:
- cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry
+ cd components && $(HELM_BIN) dep up dcaemod-nifi-registry && $(HELM_BIN) lint dcaemod-nifi-registry
make-dcaemod-healthcheck:
- cd components && helm dep up dcaemod-healthcheck && helm lint dcaemod-healthcheck
+ cd components && $(HELM_BIN) dep up dcaemod-healthcheck && $(HELM_BIN) lint dcaemod-healthcheck
clean:
@find . -type f -name '*.tgz' -delete
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcaemod-genprocessor-http
apiVersion: v1
fieldPath: metadata.namespace
- name: {{ include "common.name" . }}-create-bucket
- image: {{ .Values.config.curlImage }}
+ image: {{ include "repositoryGenerator.image.curl" . }}
args:
- -kv
- -X
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
+{{/*
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.ingress" . }}
\ No newline at end of file
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.service" . }}
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
ingress:
enabled: true
config:
nifiJarsIndexURL: http://dcaemod-genprocessor:8080/nifi-jars
distributorAPIURL: /distributor
- curlImage: curlimages/curl:7.68.0
# application image
-repository: nexus3.onap.org:10001
image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.2
service:
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dcaemod-runtime-api
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
+{{/*
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.ingress" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
-{{ include "common.service" . }}
\ No newline at end of file
+{{ include "common.service" . }}
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
ingress:
enabled: true
onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0
service:
type: ClusterIP
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
# this initContainer changes ownership to uid 1000 gid 1000
# (tried using a securityContext in the pod spec, but it didn't seem to work)
- name: set-permissions
- image: busybox:latest
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
name: genprocessor-data
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
name: genprocessor-data
resources: {{ include "common.resources" . | nindent 12 }}
- name: {{ include "common.name" . }}-http
- image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.httpImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /www/data
+{{/*
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-{{ include "common.ingress" . }}
\ No newline at end of file
+*/}}
+{{ include "common.ingress" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.PV" . }}
+{{/*
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.PVC" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.service" . }}
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
ingress:
enabled: true
virtualhost:
onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1
-httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2
service:
type: ClusterIP
cpu: 2
memory: 2Gi
unlimited: {}
+
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ ( index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ ( index .Values.service.ports 0).port }}
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
-{{ include "common.service" . }}
\ No newline at end of file
+{{ include "common.service" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
service:
name: dcaemod-healthcheck
initialDelaySeconds: 10
periodSeconds: 10
# application image
-repository: nexus3.onap.org:10001
image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
# Resource Limit flavor -By Default using small
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
# this initContainer changes ownership to uid 1000 gid 1000
# (tried using a securityContext in the pod spec, but it didn't seem to work)
- name: set-permissions
- image: busybox:latest
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
name: flow-storage
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.PV" . }}
+{{/*
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.PVC" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.secretFast" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.service" . }}
persistence: {}
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
config:
dbURL: jdbc:h2:./database/nifi-registry-primary
passwordPolicy: generate
# application image
-repository: docker.io
image: apache/nifi-registry:0.5.0
service:
- name: postgres
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
args:
- -c
- 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh'
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
+{{/*
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-{{ include "common.ingress" . }}
\ No newline at end of file
+*/}}
+{{ include "common.ingress" . }}
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
ingress:
enabled: true
virtualhost:
mountInitPath: dcaemod
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
value: {{ .Values.config.importK8S }}
- name: ONAP_IMPORT_POLICYPLUGIN
value: {{ .Values.config.importPolicy }}
- - name: ONAP_INPORT_POSTGRESPLUGIN
+ - name: ONAP_IMPORT_POSTGRESPLUGIN
value: {{ .Values.config.importPostgres }}
- name: ONAP_IMPORT_CLAMPPLUGIN
value: {{ .Values.config.importClamp }}
- name: ONAP_IMPORT_DMAAPPLUGIN
value: {{ .Values.config.importDMaaP }}
+ - name: ONAP_USEDMAAPPLUGIN
+ value: {{ .Values.config.useDmaapPlugin | quote }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.secretFast" . }}
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
{{ include "common.service" . }}
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
config:
dashboardURL: https://inventory:8080/dcae-service-types
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
- importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
- importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
- importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
- importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+ importK8S: plugin:k8splugin?version=3.4.2
+ importPostgres: plugin:pgaas?version=1.3.0
+ importClamp: plugin:clamppolicyplugin?version=1.1.0
+ importDMaaP: plugin:dmaap?version=1.5.0
+ useDmaapPlugin: false
secrets:
- uid: "dashsecret"
# Should have a proper readiness endpoint or script
# application image
-repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.1
# Resource Limit flavor -By Default using small
flavor: small
cpu: 2
memory: 2Gi
unlimited: {}
+
+{{/*
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
+*/}}
apiVersion: v1
kind: ConfigMap
name: {{ include "common.release" . }}-dcaemod-expected-components
namespace: {{ include "common.namespace" . }}
data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
#################################################################
global:
nodePortPrefix: 302
- tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- busyboxRepository: docker.io
- busyboxImage: library/busybox:1.30
# Enable all DCAE MOD components by default
dcaemod-designtool:
.project
.idea/
*.tmproj
+components/
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-dmaap: make-dmaap-bc make-message-router make-dmaap-dr-node make-dmaap-dr-prov
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
-make-dmaap-bc:
- cd components && helm dep up dmaap-bc && helm lint dmaap-bc
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-make-message-router:
- cd components && helm dep up message-router && helm lint message-router
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-make-dmaap-dr-node:
- cd components && helm dep up dmaap-dr-node && helm lint dmaap-dr-node
+all: $(HELM_CHARTS)
-make-dmaap-dr-prov:
- cd components && helm dep up dmaap-dr-prov && helm lint dmaap-dr-prov
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
- @find . -type f -name '*.tgz' -delete
- @find . -type f -name '*.lock' -delete
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
version: ~6.x-0
repository: '@local'
condition: PG.enabled
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
#####################################################
+{{/*
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
+{{/*
# Modifications Copyright © 2018 Amdocs,Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
name: {{ include "common.name" . }}-config-input
- mountPath: /config
name: {{ include "common.name" . }}-config
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
{{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-permission-fixer
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
# the cadi library is not using the jks password on the jks keystore.
# So, this attempts to "fix" the credential property file until this is fixed properly.
- name: {{ include "common.name" . }}-cred-fixer
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
command: ["/bin/sh"]
args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
- name: {{ include "common.name" . }}-postgres-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.repository }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true -}}
namespace: {{ include "common.namespace" . }}
labels: {{- include "common.labels" . | nindent 4 }}
spec:
- backoffLimit: 5
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dmaap-bc
fieldPath: metadata.namespace
containers:
- name: dmaap-provisioning-job
- image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DELAY
+{{/*
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- envsubstImage: dibi/envsubst
secrets:
- uid: pg-root-pass
pullPolicy: Always
# application images
-repository: nexus3.onap.org:10001
-#repository: 10.12.7.57:5000
image: onap/dmaap/dmaap-bc:2.0.4
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
# dmaap-dr-node filebeat.yml
filebeat.prospectors:
<appender-ref ref="asyncDebug" />
<appender-ref ref="asyncError" />
<appender-ref ref="asyncJettyLog" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
+{{/*
#-------------------------------------------------------------------------------
# ============LICENSE_START==================================================
# * org.onap.dmaap
# URL to retrieve dynamic configuration
#
#ProvisioningURL: ${DRTR_PROV_INTURL}
+*/}}
ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
#
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- dmaap-dr-prov
fieldPath: metadata.namespace
{{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}-permission-fixer
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
- mountPath: {{ .Values.persistence.spool.path }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
{{- end -}}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-filebeat-conf
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.6
+image: onap/dmaap/datarouter-node:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
# dmaap-dr-prov filebeat.yml
filebeat.prospectors:
#ssl.key: $ssl.key
#The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
+ #ssl.key_passphrase: $ssl.key_passphrase
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
+{{/*
#-------------------------------------------------------------------------------
# ============LICENSE_START==================================================
# * org.onap.dmaap
# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
# *
#-------------------------------------------------------------------------------
+*/}}
#Jetty Server properties
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
hostname: {{ .Values.global.dmaapDrProvName }}
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.config.dmaapDrDb.mariadbContName }}
{{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
{{ end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.config.dmaapDrProv.internalPort }}
{{- end -}}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-filebeat-conf
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
- name: {{ .Values.global.dmaapDrProvName }}
+ name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
{{- end}}
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+ release: {{ include "common.release" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.6
+image: onap/dmaap/datarouter-prov:2.1.7
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
----
-{{- else }}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
----
-{{- end }}
-
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
----
-{{- end }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.fullname" . }}-pdb
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- maxUnavailable: 1
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $global := . -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ $global.Release.Namespace }}
- labels:
- app: {{ $global.Values.service.name }}
- chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $global }}
- heritage: {{ $global.Release.Service }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-{{ end }}
-{{ end }}
-{{ end }}
+++ /dev/null
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
-
+++ /dev/null
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $root := . -}}
-{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $root.Values.service.name }}-{{ $i }}
- namespace: {{ $root.Release.Namespace }}
- labels:
- app: {{ $root.Values.service.name }}
- chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $root }}
- heritage: {{ $root.Release.Service }}
-
-spec:
- type: {{ $root.Values.service.type }}
- externalTrafficPolicy: Local
- selector:
- statefulset.kubernetes.io/pod-name: {{ include "common.release" $root }}-{{ $root.Values.service.name }}-{{ $i }}
- ports:
- - port: {{ $root.Values.service.externalPort }}
- targetPort: {{ $root.Values.service.externalPort }}
- nodePort: {{ $root.Values.service.baseNodePort | add $i }}
- name: {{ $root.Values.service.name }}-{{ $i }}
-{{ end }}
+++ /dev/null
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- podManagementPolicy: Parallel
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- {{- if .Values.prometheus.jmx.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
- {{- end }}
- spec:
- podAntiAffinity:
- {{if eq .Values.podAntiAffinityType "hard" -}}
- requiredDuringSchedulingIgnoredDuringExecution:
- {{- else -}}
- preferredDuringSchedulingIgnoredDuringExecution:
- {{- end}}
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: "app"
- operator: In
- values:
- - {{ include "common.name" . }}
- - key: "release"
- operator: In
- values:
- - {{ include "common.release" . }}
- topologyKey: "kubernetes.io/hostname"
- {{- if .Values.nodeAffinity }}
- nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
- {{- end }}
- initContainers:
- - name: {{ include "common.name" . }}-initcontainer
- image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.zookeeper.name }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
- - sh
- - -exec
- - |
- rm -rf '/var/lib/kafka/data/lost+found';
- chown -R 1000:0 /var/lib/kafka/data;
- image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /var/lib/kafka/data
- name: kafka-data
- name: {{ include "common.name" . }}-permission-fixer
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
- env:
- - name: ZK_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
- - name: ZK_PSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
- - name: KAFKA_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
- - name: KAFKA_PSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /etc/kafka/secrets/jaas
- name: jaas-config
- - mountPath: /config-input
- name: jaas
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-kafka/jmx-kafka-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
-{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-kafka
- {{- end }}
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -exc
- - |
- export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
- {{- if .Values.global.aafEnabled }}
- export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- {{ else }}
- export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- {{- end }}
- exec /etc/confluent/docker/run
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.externalPort }}
- {{- if .Values.prometheus.jmx.enabled }}
- - containerPort: {{ .Values.jmx.port }}
- name: jmx
- {{- end }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- - name: HOST_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- - name: KAFKA_ZOOKEEPER_CONNECT
- value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
- - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
- value: "{{ .Values.kafka.enableSupport }}"
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptions }}"
- {{- if .Values.global.aafEnabled }}
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptionsAaf }}"
- - name: aaf_locate_url
- value: https://aaf-locate.{{ include "common.namespace" . }}:8095
- - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
- value: "{{ .Values.kafka.protocolMapAaf }}"
- - name: KAFKA_LISTENERS
- value: "{{ .Values.kafka.listenersAaf }}"
- - name: KAFKA_SASL_ENABLED_MECHANISMS
- value: "{{ .Values.kafka.saslMech }}"
- - name: KAFKA_INTER_BROKER_LISTENER_NAME
- value: "{{ .Values.kafka.interBrokerListernerAaf }}"
- - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
- value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
- - name: KAFKA_AUTHORIZER_CLASS_NAME
- value: "{{ .Values.kafka.authorizer }}"
- {{ else }}
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptions }}"
- - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
- value: "{{ .Values.kafka.protocolMap }}"
- - name: KAFKA_LISTENERS
- value: "{{ .Values.kafka.listeners }}"
- - name: KAFKA_INTER_BROKER_LISTENER_NAME
- value: "{{ .Values.kafka.interBrokerListerner }}"
- {{- end }}
- {{- range $key, $value := .Values.configurationOverrides }}
- - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
- value: {{ $value | quote }}
- {{- end }}
- {{- if .Values.jmx.port }}
- - name: KAFKA_JMX_PORT
- value: "{{ .Values.jmx.port }}"
- {{- end }}
- - name: enableCadi
- value: "{{ .Values.global.aafEnabled }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/run/docker.sock
- name: docker-socket
- {{- if .Values.global.aafEnabled }}
- - mountPath: /etc/kafka/data/cadi.properties
- subPath: cadi.properties
- name: cadi
- {{ end }}
- - name: jaas-config
- mountPath: /etc/kafka/secrets/jaas
- - mountPath: /var/lib/kafka/data
- name: kafka-data
- {{- if .Values.tolerations }}
- tolerations:
- {{ toYaml .Values.tolerations | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: jaas-config
- emptyDir:
- medium: Memory
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- {{- if .Values.global.aafEnabled }}
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
- {{ end }}
- - name: jaas
- configMap:
- name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
-{{ if not .Values.persistence.enabled }}
- - name: kafka-data
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: kafka-data
- labels:
- app: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
- ubuntuInitRepository: registry.hub.docker.com
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.4
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-busyBoxImage: busybox:1.30
-busyBoxRepository: docker.io
-
-
-zookeeper:
- name: message-router-zookeeper
- port: 2181
-
-kafka:
- heapOptions: -Xmx5G -Xms1G
- jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
- jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
- enableSupport: false
- protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
- protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
- listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
- listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
- authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
- saslInterBrokerProtocol: PLAIN
- saslMech: PLAIN
- interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
- interBrokerListerner: INTERNAL_PLAINTEXT
-
-
-configurationOverrides:
- "offsets.topic.replication.factor": "3"
- "log.dirs": "/var/lib/kafka/data"
- "log.retention.hours": "168"
- "num.partitions": "3"
- "offsets.topic.replication.factor": "3"
- "transaction.state.log.replication.factor": "1"
- "transaction.state.log.min.isr": "1"
- "num.recovery.threads.per.data.dir": "5"
- "log.retention.hours": "168"
- "zookeeper.connection.timeout.ms": "6000"
- "default.replication.factor": "3"
- "zookeeper.set.acl": "true"
-
-jmx:
- port: 5555
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- imageRepository: docker.io
- port: 5556
-
-jaas:
- config:
- zkClient: kafka
- zkClientPassword: kafka_secret
- kafkaAdminUser: admin
- kafkaAdminPassword: admin_secret
- #kafkaAdminUserExternal: some secret
- #zkClientPasswordExternal: some secret
-
-
-secrets:
- - uid: zk-client
- type: basicAuth
- externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
- login: '{{ .Values.jaas.config.zkClient }}'
- password: '{{ .Values.jaas.config.zkClientPassword }}'
- passwordPolicy: required
- - uid: kafka-admin
- type: basicAuth
- externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
- login: '{{ .Values.jaas.config.kafkaAdminUser }}'
- password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
- passwordPolicy: required
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 3
-
-
-# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
-podAntiAffinityType: soft
-
-# defult partitions
-defaultpartitions: 3
-
-nodeSelector: {}
-
-nodeAffinity: {}
-
-affinity: {}
-
-tolerations: {}
-
-
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 70
- periodSeconds: 20
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 90
- periodSeconds: 20
- timeoutSeconds: 100
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: message-router/data-kafka
-
-service:
- type: NodePort
- name: message-router-kafka
- portName: message-router-kafka
- internalPort: 9092
- internalSSLPort: 9093
- externalPort: 9091
- baseNodePort: 30490
-
-
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2000m
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 1Gi
- large:
- limits:
- cpu: 4000m
- memory: 8Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-jaas-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: {{ include "common.fullname" . }}-pdb
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- maxUnavailable: {{ include "zk.maxUnavailable" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- $global := . -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ $global.Release.Namespace }}
- labels:
- app: {{ $global.Values.service.name }}
- chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" $global }}
- heritage: {{ $global.Release.Service }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
-{{ end }}
-{{ end }}
-{{ end }}
+++ /dev/null
-# Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.clientPort }}
- name: {{ .Values.service.clientPortName }}
- - port: {{ .Values.service.serverPort }}
- name: {{ .Values.service.serverPortName }}
- - port: {{ .Values.service.leaderElectionPort }}
- name: {{ .Values.service.leaderElectionPortName }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: {{ .Values.maxUnavailable }}
- podManagementPolicy: Parallel
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- {{- if .Values.prometheus.jmx.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
- {{- end }}
- spec:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - weight: 1
- podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: "app"
- operator: In
- values:
- - {{ include "common.name" . }}
- - key: "release"
- operator: In
- values:
- - {{ include "common.release" . }}
- topologyKey: "kubernetes.io/hostname"
- {{- if .Values.nodeAffinity }}
- nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
- {{- end }}
- initContainers:
- - name: {{ include "common.name" . }}-permission-fixer
- command:
- - sh
- - -exec
- - >
- chown -R 1000:0 /tmp/zookeeper/apikeys;
- image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /tmp/zookeeper/apikeys
- name: zookeeper-data
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
- env:
- - name: ZK_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
- - name: ZK_PSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /etc/zookeeper/secrets/jaas
- name: jaas-config
- - mountPath: /config-input
- name: jaas
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
-{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-zookeeper
- {{- end }}
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.clientPort }}
- name: {{ .Values.service.clientPortName }}
- - containerPort: {{ .Values.service.serverPort }}
- name: {{ .Values.service.serverPortName }}
- - containerPort: {{ .Values.service.leaderElectionPort }}
- name: {{ .Values.service.leaderElectionPortName }}
- {{- if .Values.prometheus.jmx.enabled }}
- - containerPort: {{ .Values.jmx.port }}
- name: jmx
- {{- end }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- env:
- - name : KAFKA_HEAP_OPTS
- value: "{{ .Values.zkConfig.heapOptions }}"
- {{- if .Values.jmx.port }}
- - name : KAFKA_JMX_PORT
- value: "{{ .Values.jmx.port }}"
- {{- end }}
- - name : ZOOKEEPER_REPLICAS
- value: "{{ .Values.replicaCount }}"
- - name : ZOOKEEPER_TICK_TIME
- value: "{{ .Values.zkConfig.tickTime }}"
- - name : ZOOKEEPER_SYNC_LIMIT
- value: "{{ .Values.zkConfig.syncLimit }}"
- - name : ZOOKEEPER_INIT_LIMIT
- value: "{{ .Values.zkConfig.initLimit }}"
- - name : ZOOKEEPER_MAX_CLIENT_CNXNS
- value: "{{ .Values.zkConfig.maxClientCnxns }}"
- - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
- value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
- - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
- value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
- - name: ZOOKEEPER_CLIENT_PORT
- value: "{{ .Values.zkConfig.clientPort }}"
- - name: KAFKA_OPTS
- value: "{{ .Values.zkConfig.kafkaOpts }}"
- - name: ZOOKEEPER_SERVER_ID
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- command:
- - "bash"
- - "-c"
- - |
- ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
- /etc/confluent/docker/run
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/lib/zookeeper/data
- name: zookeeper-data
- - name: jaas-config
- mountPath: /etc/zookeeper/secrets/jaas
- {{- if .Values.tolerations }}
- tolerations:
- {{ toYaml .Values.tolerations | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: jaas-config
- emptyDir:
- medium: Memory
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- - name: jaas
- configMap:
- name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
-{{ if not .Values.persistence.enabled }}
- - name: zookeeper-data
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: zookeeper-data
- labels:
- app: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{ end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuInitRepository: registry.hub.docker.com
- persistence: {}
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.3
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-busyBoxImage: busybox:1.30
-busyBoxRepository: docker.io
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-nodeAffinity: {}
-
-affinity: {}
-
-tolerations: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 40
- periodSeconds: 20
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 40
- periodSeconds: 20
- timeoutSeconds: 10
-
-#Zookeeper properties
-zkConfig:
- tickTime: 2000
- syncLimit: 5
- initLimit: 10
- maxClientCnxns: 200
- autoPurgeSnapRetainCount: 3
- autoPurgePurgeInterval: 24
- heapOptions: -Xmx2G -Xms2G
- kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
- clientPort: 2181
-
-jmx:
- port: 5555
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- imageRepository: docker.io
- port: 5556
-
-jaas:
- config:
- zkAdminUser: kafka
- zkAdminPassword: kafka_secret
- #zkAdminPasswordExternal= some password
-
-secrets:
- - uid: zk-admin
- type: basicAuth
- externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
- login: '{{ .Values.jaas.config.zkAdminUser }}'
- password: '{{ .Values.jaas.config.zkAdminPassword }}'
- passwordPolicy: required
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: message-router/data-zookeeper
-
-
-rollingUpdate:
- maxUnavailable: 1
-service:
- type: ClusterIP
- name: message-router-zookeeper
- portName: message-router-zookeeper
- clientPortName: client
- clientPort: 2181
- serverPortName: server
- serverPort: 2888
- leaderElectionPortName: leader-election
- leaderElectionPort: 3888
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2000m
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 1Gi
- large:
- limits:
- cpu: 4000m
- memory: 8Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+
--- /dev/null
+{{/*
+# Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.aafEnabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
+---
+{{- else }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
+---
+{{- end }}
+
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.fullname" . }}-pdb
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ maxUnavailable: 1
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- $global := . -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
+ namespace: {{ $global.Release.Namespace }}
+ labels:
+ app: {{ $global.Values.service.name }}
+ chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $global }}
+ heritage: {{ $global.Release.Service }}
+spec:
+ capacity:
+ storage: {{ $global.Values.persistence.size }}
+ accessModes:
+ - {{ $global.Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" $global }}-data"
+ hostPath:
+ path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+{{ end }}
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ clusterIP: None
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+
--- /dev/null
+{{/*
+# Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- $root := . -}}
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
+ labels:
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $root }}
+ heritage: {{ $root.Release.Service }}
+
+spec:
+ type: {{ $root.Values.service.type }}
+ externalTrafficPolicy: Local
+ selector:
+ statefulset.kubernetes.io/pod-name: {{ include "common.release" $root }}-{{ $root.Values.service.name }}-{{ $i }}
+ ports:
+ - port: {{ $root.Values.service.externalPort }}
+ targetPort: {{ $root.Values.service.externalPort }}
+ nodePort: {{ $root.Values.service.baseNodePort | add $i }}
+ name: {{ $root.Values.service.name }}-{{ $i }}
+{{ end }}
--- /dev/null
+{{/*
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ podManagementPolicy: Parallel
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
+ spec:
+ {{- if .Values.nodeAffinity }}
+ nodeAffinity:
+ {{ toYaml .Values.nodeAffinity | indent 10 }}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.zookeeper.name }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ - -exec
+ - |
+ rm -rf '/var/lib/kafka/data/lost+found';
+ chown -R 1000:0 /var/lib/kafka/data;
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /var/lib/kafka/data
+ name: kafka-data
+ name: {{ include "common.name" . }}-permission-fixer
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+ - name: KAFKA_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+ - name: KAFKA_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/kafka/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-kafka/jmx-kafka-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-kafka
+ {{- end }}
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ - -exc
+ - |
+ export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
+ {{- if .Values.global.aafEnabled }}
+ export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+ {{ else }}
+ export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+ {{- end }}
+ exec /etc/confluent/docker/run
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.externalPort }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ - name: KAFKA_ZOOKEEPER_CONNECT
+ value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+ - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
+ value: "{{ .Values.kafka.enableSupport }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ {{- if .Values.global.aafEnabled }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptionsAaf }}"
+ - name: aaf_locate_url
+ value: https://aaf-locate.{{ include "common.namespace" . }}:8095
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMapAaf }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listenersAaf }}"
+ - name: KAFKA_SASL_ENABLED_MECHANISMS
+ value: "{{ .Values.kafka.saslMech }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListernerAaf }}"
+ - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
+ value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
+ - name: KAFKA_AUTHORIZER_CLASS_NAME
+ value: "{{ .Values.kafka.authorizer }}"
+ {{ else }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMap }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listeners }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListerner }}"
+ {{- end }}
+ {{- range $key, $value := .Values.configurationOverrides }}
+ - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.jmx.port }}
+ - name: KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name: enableCadi
+ value: "{{ .Values.global.aafEnabled }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /var/run/docker.sock
+ name: docker-socket
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: /etc/kafka/data/cadi.properties
+ subPath: cadi.properties
+ name: cadi
+ {{ end }}
+ - name: jaas-config
+ mountPath: /etc/kafka/secrets/jaas
+ - mountPath: /var/lib/kafka/data
+ name: kafka-data
+ {{- if .Values.tolerations }}
+ tolerations:
+ {{ toYaml .Values.tolerations | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ {{- if .Values.global.aafEnabled }}
+ - name: cadi
+ configMap:
+ name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ {{ end }}
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
+{{ if not .Values.persistence.enabled }}
+ - name: kafka-data
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: kafka-data
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{ end }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/dmaap/kafka111:1.0.4
+pullPolicy: Always
+
+
+zookeeper:
+ name: message-router-zookeeper
+ port: 2181
+
+kafka:
+ heapOptions: -Xmx5G -Xms1G
+ jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
+ enableSupport: false
+ protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
+ protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+ listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
+ listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
+ authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
+ saslInterBrokerProtocol: PLAIN
+ saslMech: PLAIN
+ interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
+ interBrokerListerner: INTERNAL_PLAINTEXT
+
+
+configurationOverrides:
+ "offsets.topic.replication.factor": "3"
+ "log.dirs": "/var/lib/kafka/data"
+ "log.retention.hours": "168"
+ "num.partitions": "3"
+ "offsets.topic.replication.factor": "3"
+ "transaction.state.log.replication.factor": "1"
+ "transaction.state.log.min.isr": "1"
+ "num.recovery.threads.per.data.dir": "5"
+ "log.retention.hours": "168"
+ "zookeeper.connection.timeout.ms": "6000"
+ "default.replication.factor": "3"
+ "zookeeper.set.acl": "true"
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ port: 5556
+
+jaas:
+ config:
+ zkClient: kafka
+ zkClientPassword: kafka_secret
+ kafkaAdminUser: admin
+ kafkaAdminPassword: admin_secret
+ #kafkaAdminUserExternal: some secret
+ #zkClientPasswordExternal: some secret
+
+
+secrets:
+ - uid: zk-client
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkClient }}'
+ password: '{{ .Values.jaas.config.zkClientPassword }}'
+ passwordPolicy: required
+ - uid: kafka-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
+ login: '{{ .Values.jaas.config.kafkaAdminUser }}'
+ password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
+ passwordPolicy: required
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 3
+
+
+# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
+podAntiAffinityType: soft
+
+# defult partitions
+defaultpartitions: 3
+
+nodeSelector: {}
+
+nodeAffinity: {}
+
+affinity: {}
+
+tolerations: {}
+
+
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 70
+ periodSeconds: 20
+ timeoutSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 90
+ periodSeconds: 20
+ timeoutSeconds: 100
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: message-router/data-kafka
+
+service:
+ type: NodePort
+ name: message-router-kafka
+ portName: message-router-kafka
+ internalPort: 9092
+ internalSSLPort: 9093
+ externalPort: 9091
+ baseNodePort: 30490
+
+
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{ end }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.fullname" . }}-pdb
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ maxUnavailable: {{ include "zk.maxUnavailable" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- $global := . -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
+ namespace: {{ $global.Release.Namespace }}
+ labels:
+ app: {{ $global.Values.service.name }}
+ chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $global }}
+ heritage: {{ $global.Release.Service }}
+spec:
+ capacity:
+ storage: {{ $global.Values.persistence.size }}
+ accessModes:
+ - {{ $global.Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" $global }}-data"
+ hostPath:
+ path: {{ $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+{{ end }}
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.clientPort }}
+ name: {{ .Values.service.clientPortName }}
+ - port: {{ .Values.service.serverPort }}
+ name: {{ .Values.service.serverPortName }}
+ - port: {{ .Values.service.leaderElectionPort }}
+ name: {{ .Values.service.leaderElectionPortName }}
+ clusterIP: None
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ podManagementPolicy: Parallel
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
+ spec:
+ {{- if .Values.nodeAffinity }}
+ nodeAffinity:
+ {{ toYaml .Values.nodeAffinity | indent 10 }}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ initContainers:
+ - name: {{ include "common.name" . }}-permission-fixer
+ command:
+ - sh
+ - -exec
+ - >
+ chown -R 1000:0 /tmp/zookeeper/apikeys;
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /tmp/zookeeper/apikeys
+ name: zookeeper-data
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/zookeeper/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-zookeeper
+ {{- end }}
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.clientPort }}
+ name: {{ .Values.service.clientPortName }}
+ - containerPort: {{ .Values.service.serverPort }}
+ name: {{ .Values.service.serverPortName }}
+ - containerPort: {{ .Values.service.leaderElectionPort }}
+ name: {{ .Values.service.leaderElectionPortName }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ exec:
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ exec:
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ env:
+ - name : KAFKA_HEAP_OPTS
+ value: "{{ .Values.zkConfig.heapOptions }}"
+ {{- if .Values.jmx.port }}
+ - name : KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name : ZOOKEEPER_REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name : ZOOKEEPER_TICK_TIME
+ value: "{{ .Values.zkConfig.tickTime }}"
+ - name : ZOOKEEPER_SYNC_LIMIT
+ value: "{{ .Values.zkConfig.syncLimit }}"
+ - name : ZOOKEEPER_INIT_LIMIT
+ value: "{{ .Values.zkConfig.initLimit }}"
+ - name : ZOOKEEPER_MAX_CLIENT_CNXNS
+ value: "{{ .Values.zkConfig.maxClientCnxns }}"
+ - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
+ value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
+ - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
+ value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
+ - name: ZOOKEEPER_CLIENT_PORT
+ value: "{{ .Values.zkConfig.clientPort }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.zkConfig.kafkaOpts }}"
+ - name: ZOOKEEPER_SERVER_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ command:
+ - "bash"
+ - "-c"
+ - |
+ ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
+ /etc/confluent/docker/run
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /var/lib/zookeeper/data
+ name: zookeeper-data
+ - name: jaas-config
+ mountPath: /etc/zookeeper/secrets/jaas
+ {{- if .Values.tolerations }}
+ tolerations:
+ {{ toYaml .Values.tolerations | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
+{{ if not .Values.persistence.enabled }}
+ - name: zookeeper-data
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: zookeeper-data
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{ end }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/dmaap/zookeeper:6.0.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+
+# default number of instances
+replicaCount: 3
+
+nodeSelector: {}
+
+nodeAffinity: {}
+
+affinity: {}
+
+tolerations: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
+
+#Zookeeper properties
+zkConfig:
+ tickTime: 2000
+ syncLimit: 5
+ initLimit: 10
+ maxClientCnxns: 200
+ autoPurgeSnapRetainCount: 3
+ autoPurgePurgeInterval: 24
+ heapOptions: -Xmx2G -Xms2G
+ kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
+ clientPort: 2181
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ port: 5556
+
+jaas:
+ config:
+ zkAdminUser: kafka
+ zkAdminPassword: kafka_secret
+ #zkAdminPasswordExternal= some password
+
+secrets:
+ - uid: zk-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkAdminUser }}'
+ password: '{{ .Values.jaas.config.zkAdminPassword }}'
+ passwordPolicy: required
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: message-router/data-zookeeper
+
+
+rollingUpdate:
+ maxUnavailable: 1
+service:
+ type: ClusterIP
+ name: message-router-zookeeper
+ portName: message-router-zookeeper
+ clientPortName: client
+ clientPort: 2181
+ serverPortName: server
+ serverPort: 2888
+ leaderElectionPortName: leader-election
+ leaderElectionPort: 3888
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
-
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: message-router-kafka
+ version: ~6.x-0
+ repository: 'file://components/message-router-kafka'
+ - name: message-router-zookeeper
+ version: ~6.x-0
+ repository: 'file://components/message-router-zookeeper'
+{{/*
# LICENSE_START=======================================================
# org.onap.dmaap
# ================================================================================
##
#config.zk.servers=172.18.1.1
#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}
+*/}}
config.zk.servers={{include "common.release" .}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
#config.zk.root=/fe3c/cambria/config
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/log" />
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
</pattern>
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.service" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: StatefulSet
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ .Values.kafka.name }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
{{- if .Values.prometheus.jmx.enabled }}
- name: prometheus-jmx-exporter
- image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- java
mountPath: /etc/jmx-kafka
{{- end }}
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
image: onap/dmaap/dmaap-mr:1.1.18
pullPolicy: Always
enabled: false
image: solsson/kafka-prometheus-jmx-exporter@sha256
imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- imageRepository: docker.io
port: 5556
targetPort: 5555
+{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
# ================================================================================
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
+{{/*
#
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
clientImage: onap/dmaap/dbc-client:1.0.9
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1001
- fsGroup: 1001
- initContainers:
- - command:
- - cp
- args:
- - -r
- - -T
- - /home/esr/tomcat
- - /opt/tomcat
- securityContext:
- privileged: true
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: create-tomcat-dir
- volumeMounts:
- - name: tomcat-workdir
- mountPath: /opt/tomcat
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: {{ tpl .Values.msbaddr . }}
- volumeMounts:
- - name: tomcat-workdir
- mountPath: /home/esr/tomcat/
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- volumes:
- - name: tomcat-workdir
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "aai-esr-gui",
- "version": "v1",
- "url": "/esr-gui",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"1",
- "path":"/iui/aai-esr-gui"
- }
- ]'
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/aai/esr-gui:1.4.0
-pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:443
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- name: esr-gui
- internalPort: 8080
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="false" debug="true">
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
- <property name="logDir" value="/var/log/onap" />
- <property name="debugDir" value="/var/log/onap" />
-
- <property name="componentName" value="esr"></property>
- <property name="subComponentName" value="esr-server"></property>
-
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
-
- <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
- <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
- <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
-
- <appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${auditPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${metricPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFMetrics"/>
- </appender>
-
- <appender name="EELFError"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>${errorPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFError"/>
- </appender>
-
- <appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
-
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <logger name="com.att.eelf.error" level="debug" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-
-</configuration>
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-esr-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1001
- fsGroup: 1001
- initContainers:
- - command:
- - cp
- args:
- - -r
- - -T
- - /home/esr/conf
- - /opt/conf
- securityContext:
- privileged: true
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: create-conf-dir
- volumeMounts:
- - name: conf-dir
- mountPath: /opt/conf
-
- containers:
- - name: {{ .Chart.Name }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: {{ tpl .Values.msbaddr . }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /home/esr/works/logs
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /home/esr/conf
- name: conf-dir
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap/esr/esr-server
- - mountPath: /opt/ajsc/etc/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-esr-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: conf-dir
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "aai-esr-server",
- "version": "v1",
- "url": "/api/aai-esr-server/v1",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "enable_ssl": true,
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.5.2
-pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:443
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: esr-server
- portName: esr-server
- externalPort: 9518
- internalPort: 9518
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1001
+ fsGroup: 1001
+ initContainers:
+ - command:
+ - cp
+ args:
+ - -r
+ - -T
+ - /home/esr/tomcat
+ - /opt/tomcat
+ securityContext:
+ privileged: true
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: create-tomcat-dir
+ volumeMounts:
+ - name: tomcat-workdir
+ mountPath: /opt/tomcat
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_ADDR
+ value: {{ tpl .Values.msbaddr . }}
+ volumeMounts:
+ - name: tomcat-workdir
+ mountPath: /home/esr/tomcat/
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ volumes:
+ - name: tomcat-workdir
+ emptyDir: {}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "aai-esr-gui",
+ "version": "v1",
+ "url": "/esr-gui",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"1",
+ "path":"/iui/aai-esr-gui"
+ }
+ ]'
+spec:
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/aai/esr-gui:1.4.0
+pullPolicy: Always
+msbaddr: msb-iag.{{ include "common.namespace" . }}:443
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ name: esr-gui
+ internalPort: 8080
+
+ingress:
+ enabled: false
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
+
+ <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+ <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
+
+ <property name="logDir" value="{{ .Values.log.logDir }}" />
+ <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+ <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+ <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
+ <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+
+ <!-- Console (human-readable) logging -->
+ <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${consolePattern}</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <logger name="com.att.eelf.error" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <root level="{{ .Values.log.root.level }}">
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-esr-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1001
+ fsGroup: 1001
+ initContainers:
+ - command:
+ - cp
+ args:
+ - -r
+ - -T
+ - /home/esr/conf
+ - /opt/conf
+ securityContext:
+ privileged: true
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: create-conf-dir
+ volumeMounts:
+ - name: conf-dir
+ mountPath: /opt/conf
+
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_ADDR
+ value: {{ tpl .Values.msbaddr . }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /home/esr/works/logs
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /home/esr/conf
+ name: conf-dir
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap/esr/esr-server
+ - mountPath: /opt/ajsc/etc/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-esr-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: conf-dir
+ emptyDir: {}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "aai-esr-server",
+ "version": "v1",
+ "url": "/api/aai-esr-server/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.internalPort}}",
+ "enable_ssl": true,
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+subChartsOnly:
+ enabled: true
+
+# application image
+image: onap/aai/esr-server:1.5.2
+pullPolicy: Always
+msbaddr: msb-iag.{{ include "common.namespace" . }}:443
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: esr-server
+ portName: esr-server
+ externalPort: 9518
+ internalPort: 9518
+
+ingress:
+ enabled: false
+
+log:
+ componentName: esr
+ subcomponentName: esr-server
+ debug: true
+ scan:
+ enabled: false
+ logDir: /var/log/onap
+ queueSize: 256
+ root:
+ level: INFO
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi
# limitations under the License.
dependencies:
- - name: common
+ - name: esr-gui
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+ repository: 'file://components/esr-gui'
+ condition: esr-gui.enabled
+ - name: esr-server
+ version: ~6.x-0
+ repository: 'file://components/esr-server'
+++ /dev/null
-<?xml version = "1.0" encoding = "UTF-8" ?>
-<!--
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="esr" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pap-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
#################################################################
# Global configuration defaults.
#################################################################
-global:
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
# application configuration
config:
logstashServiceName: log-ls
- logstashPort: 5044
\ No newline at end of file
+ logstashPort: 5044
+
+esr-gui:
+ enabled: true
\ No newline at end of file
FLAGS=${@:3}
CHART_REPO="$(cut -d'/' -f1 <<<"$CHART_URL")"
CHART_NAME="$(cut -d'/' -f2 <<<"$CHART_URL")"
- CACHE_DIR=~/.helm/plugins/deploy/cache
+ if [[ $HELM_VER == "v3."* ]]; then
+ CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
+ else
+ CACHE_DIR=~/.helm/plugins/deploy/cache
+ fi
+ echo "Use cache dir: $CACHE_DIR"
CHART_DIR=$CACHE_DIR/$CHART_NAME
CACHE_SUBCHART_DIR=$CHART_DIR-subcharts
LOG_DIR=$CHART_DIR/logs
if [[ $FLAGS = *"--delay"* ]]; then
FLAGS="$(echo $FLAGS| sed -n 's/--delay//p')"
DELAY="true"
- fi
+ fi
# determine if set-last-applied flag is enabled
SET_LAST_APPLIED="false"
if [[ $FLAGS = *"--set-last-applied"* ]]; then
if [[ $DELAY == "true" ]]; then
echo sleep 3m
sleep 3m
- fi
+ fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
for (( i = n-1; i >= 0; i-- )); do
- helm del "${array[i]}" --purge
+ if [[ $HELM_VER == "v3."* ]]; then
+ helm del "${array[i]}"
+ else
+ helm del "${array[i]}" --purge
+ fi
done
fi
done
# report on success/failures of installs/upgrades
helm ls | grep FAILED | grep $RELEASE
}
+HELM_VER=$(helm version --template "{{.Version}}")
+echo $HELM_VER
case "${1:-"help"}" in
"help")
dependencies:
- name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
version: ~6.x-0
repository: '@local'
\ No newline at end of file
initContainers:
#Example init container for dependency checking
# - command:
-# - /root/ready.py
+# - /app/ready.py
# args:
# - --container-name
# - mariadb
# fieldRef:
# apiVersion: v1
# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+# image: {{ include "repositoryGenerator.image.readiness" . }}
# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
image: <onap-app>:<1.2-STAGING-latest>
pullPolicy: Always
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- sysctl -w vm.max_map_count=262144
- mkdir -p /logroot/elasticsearch/logs
- mkdir -p /logroot/elasticsearch/data
- chmod -R 777 /logroot/elasticsearch
- chown -R root:root /logroot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /logroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
- name: {{ include "common.fullname" . }}-config
- subPath: elasticsearch.yml
- - mountPath: /usr/share/elasticsearch/data/
- name: {{ include "common.fullname" . }}-data
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: elasticsearch.yml
- path: elasticsearch.yml
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-logs
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-# application image
-loggingRepository: docker.elastic.co
-image: elasticsearch/elasticsearch:5.5.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: log/elasticsearch/data
- mountSubPathLogs: log
-
-service:
- type: NodePort
- name: log-es
- externalPort: 9200
- internalPort: 9200
- nodePort: 54
- type2: ClusterIP
- name2: log-es-tcp
- externalPort2: 9300
- internalPort2: 9300
-
-ingress:
- enabled: false
- service:
- - baseaddr: "loges"
- name: "log-es"
- port: 9200
- config:
- ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 1
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
-xpack.reporting.enabled: false
-#Set to false to disable X-Pack reporting features.
-xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
-xpack.watcher.enabled: false
-#Set to false to disable Watcher.
-# Kibana is served by a back end server. This setting specifies the port to use.
-server.port: {{.Values.service.externalPort}}
-
-# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
-# The default is 'localhost', which usually means remote machines will not be able to connect.
-# To allow connections from remote users, set this parameter to a non-loopback address.
-server.host: "0"
-
-# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
-# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
-# to Kibana. This setting cannot end in a slash.
-#server.basePath: ""
-
-# The maximum payload size in bytes for incoming server requests.
-#server.maxPayloadBytes: 1048576
-
-# The Kibana server's name. This is used for display purposes.
-server.name: "Kibana"
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}:{{.Values.config.elasticsearchPort}}"
-# When this setting's value is true Kibana uses the hostname specified in the server.host
-# setting. When the value of this setting is false, Kibana uses the hostname of the host
-# that connects to this Kibana instance.
-#elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-# dashboards. Kibana creates a new index if the index doesn't already exist.
-#kibana.index: ".kibana"
-
-# The default application to load.
-#kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic authentication, these settings provide
-# the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
-# is proxied through the Kibana server.
-elasticsearch.username: "elastic"
-elasticsearch.password: "changeme"
-# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
-# These settings enable SSL for outgoing requests from the Kibana server to the browser.
-#server.ssl.enabled: $server_ssl_enabled
-#server.ssl.certificate: $server_ssl_certificate
-#server.ssl.key: $server_ssl_key
-
-# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
-# These files validate that your Elasticsearch backend uses the same key files.
-#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate
-#elasticsearch.ssl.key: $elasticsearch_ssl_key
-
-# Optional setting that enables you to specify a path to the PEM file for the certificate
-# authority for your Elasticsearch instance.
-#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities
-
-# To disregard the validity of SSL certificates, change this setting's value to 'none'.
-#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode
-
-# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
-# the elasticsearch.requestTimeout setting.
-#elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
-# must be a positive integer.
-#elasticsearch.requestTimeout: 30000
-
-# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
-# headers, set this value to [] (an empty list).
-#elasticsearch.requestHeadersWhitelist: [ authorization ]
-
-# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
-# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
-#elasticsearch.customHeaders: {}
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
-#elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
-#elasticsearch.startupTimeout: 5000
-
-# Specifies the path where Kibana creates the process ID file.
-#pid.file: /var/run/kibana.pid
-
-# Enables you specify a file where Kibana stores log output.
-#logging.dest: stdout
-
-# Set the value of this setting to true to suppress all logging output.
-#logging.silent: false
-
-# Set the value of this setting to true to suppress all logging output other than error messages.
-#logging.quiet: false
-
-# Set the value of this setting to true to log all events, including system usage information
-# and all requests.
-#logging.verbose: false
-
-# Set the interval in milliseconds to sample system and process performance
-# metrics. Minimum is 100ms. Defaults to 5000.
-#ops.interval: 5000
-
-# The default locale. This locale can be used in certain circumstances to substitute any missing
-# translations.
-#i18n.defaultLocale: "en"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - log-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - args:
- - --input=/config/kibana-onboarding.json
- - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.elasticdumpRepository }}/{{ .Values.elasticdumpImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-elasticdump
- volumeMounts:
- - mountPath: /config/kibana-onboarding.json
- name: {{ include "common.fullname" . }}
- subPath: kibana-onboarding.json
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- readinessProbe:
- httpGet:
- path: "/"
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: "/"
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/kibana/config/
- name: {{ include "common.fullname" . }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: kibana.yml
- path: kibana.yml
- - key: kibana-onboarding.json
- path: kibana-onboarding.json
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# Elasticdump image
-elasticdumpRepository: docker.io
-elasticdumpImage: taskrabbit/elasticsearch-dump
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-# application image
-loggingRepository: docker.elastic.co
-image: kibana/kibana:5.5.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: log-es
- elasticsearchPort: 9200
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 1
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 1
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: log-kibana
- externalPort: 5601
- internalPort: 5601
- nodePort: 53
-
-ingress:
- enabled: false
- service:
- - baseaddr: "kibana.api"
- name: "log-kibana"
- port: 5601
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-http.host: "0.0.0.0"
-pipeline.workers: 3
-## Path where pipeline configurations reside
-path.config: /usr/share/logstash/pipeline
-
-## Type of queue : memeory based or file based
-#queue.type: persisted
-## Size of queue
-#queue.max_bytes: 1024mb
-## Setting true makes logstash check periodically for change in pipeline configurations
-config.reload.automatic: true
-
-## xpack configurations
-#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
-#xpack.monitoring.elasticsearch.username: elastic
-#xpack.monitoring.elasticsearch.password: changeme
-xpack.monitoring.enabled: false
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-input {
- beats {
-
- ## Add a id to plugin configuration. Can be anything unique.
- id => 'beats_plugin'
-
- ######## Connection configurations ########
-
- ## The port to listen on.
- port => {{.Values.service.externalPort}}
-
- ## Close Idle clients after the specified time in seconds. Default is 60 seconds
- #client_inactivity_timeout => 60
-
- ######## Security configurations ########
-
- ## Enable encryption. Default false.
- #ssl => $filebeat_ssl
-
- ## ssl certificate path.
- #ssl_certificate => $filebeat_ssl_certificate
-
- ## SSL key to use.
- #ssl_key => $filebeat_ssl_key
-
- ##SSL key passphrase to use.
- #ssl_key_passphrase => $filebeat_ssl_key_passphrase
-
- ## Value can be any of: none, peer, force_peer.
- #ssl_verify_mode => $filebeat_ssl_verify_mode
-
- ## Time in milliseconds for an incomplete ssl handshake to timeout. Default is 10000 ms.
- #ssl_handshake_timeout => 10000
- include_codec_tag => false
- }
-}
-
-
-filter {
- grok {
- break_on_match => false
- match => {
- "source" => ["/var/log/onap/(?<componentName>[^/]+)/",
- "/var/log/onap/%{GREEDYDATA:componentLogFile}"
- ]
- }
- }
-
- # Filter for log4j xml events
- if "</log4j:event>" in [message] {
-
- #mutate { add_field => { "orgmsg_log4j" => "%{message}" } } # Copy of orginal msg for debug
-
- #Filter to parse xml event and retrieve data
- xml {
- source => "message"
- store_xml => false
- remove_namespaces => true
- target => "xml_content"
- xpath => [ "/event/message/text()", "logmsg" ,
- "/event/@logger", "Logger",
- "/event/@timestamp", "Timestamp",
- "/event/@level", "loglevel",
- "/event/@thread", "Thread",
- "/event/throwable/text()", "Exceptionthrowable",
- "/event/NDC/text()", "NDCs",
- "/event/properties/data/@name","mdcname",
- "/event/properties/data/@value","mdcvalue"]
-
- }
-
- #Ruby filter to iterate and separate MDCs into documents
- ruby {
- code => '
- $i = 0
- $num = 0
- if event.get("[mdcname]")
- $num = event.get("[mdcname]").length
- end
- if $num != 0
- until $i > $num do
- if event.get("[mdcname]").at($i) and event.get("[mdcvalue]").at($i)
- event.set(event.get("[mdcname]").at($i), event.get("[mdcvalue]").at($i))
- end
- $i=$i+1
- end
- end
- '
- }
-
- #Validations
- if [Exceptionthrowable]
- {
- mutate {
- replace => {
- "exceptionmessage" => "%{[Exceptionthrowable]}"
- }
- }
- }
-
- if [NDCs]
- {
- mutate {
- replace => {
- "NDC" => "%{[NDCs]}"
- }
- }
- }
-
- mutate {
- replace => {
- "Logger" =>"%{[Logger]}"
- "logmsg" =>"%{[logmsg]}"
- "Timestamp" =>"%{[Timestamp]}"
- "loglevel" =>"%{[loglevel]}"
- "message" => "%{logmsg}"
- "Thread" => "%{[Thread]}"
- }
- remove_field => ["mdcname", "mdcvalue", "logmsg","Exceptionthrowable","NDCs"]
- }
-
- if [Timestamp]
- {
- date {
- match => ["Timestamp", "UNIX_MS"]
- target => "Timestamp"
- }
- }
- }
- # Filter for logback events
- else {
-
- #mutate { add_field => { "orgmsg" => "%{message}" } } # Copy of orginal msg for debug
-
- mutate {
- gsub => [
- 'message', ' = ', '=',
- 'message', '= ', '=null',
- 'message', '=\t', '=null ', #This null is followed by a tab
- 'message', '\t$', '\t'
- ]
- }
- # The grok below parses the message field for all current logback patterns used by oom components.
- # Example logback pattern: %d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg
- # Example grok pattern: %{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}
- # Use the following command to find all logback patterns in oom directory: find oom -name "logback*xml" -exec grep "property.*attern.*value" {} \;|sort|uniq
- grok {
- match => {
- "message" => [
- "%{TIMESTAMP_ISO8601:Timestamp}\\t[%{GREEDYDATA:Thread}]\\t%{GREEDYDATA:loglevel}\\t%{JAVACLASS:Logger}\\t%{GREEDYDATA:MDCs}\\t%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:TargetVirtualEntity}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Timer}\|\[%{GREEDYDATA:caller}\]\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:ErrorCode}\|%{GREEDYDATA:ErrorDesc}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ClassName}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}",
- "\[%{TIMESTAMP_ISO8601:Timestamp}\|%{LOGLEVEL:loglevel}\|%{GREEDYDATA:Logger}\|%{GREEDYDATA:Thread}\] %{GREEDYDATA:message}"
- ]
- }
- overwrite => ["message"]
- }
- # The MDCs are key value pairs that are seperated by "," or "\t". Extra space characters are trimmed from the keys and values.
- kv {
- source => "MDCs"
- field_split => ",\t"
- trim_key => "\s"
- trim_value => "\s"
- remove_field => [ "MDCs" ]
- }
-
- if (![Timestamp] and [EndTimestamp]) {
- mutate { add_field => { "Timestamp" => "%{EndTimestamp}" } }
- }
- date {
- match => [ "Timestamp", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS" ]
- target => "Timestamp"
- }
-
- mutate {
- remove_field => ["DuplicateRequestID", "Unknown1", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Unknown6", "Unknown7", "Unknown8"]
- }
-
- if ([source] == "/var/log/onap/sdc/sdc-be/audit.log") {
- #Parse kvps in message
- kv {
- field_split => "\s"
- trim_key => "\s"
- trim_value => "\s"
- }
-
- #If Request Id is missing and DID is present use as RequestId
- if (![RequestId] and [DID] =~ /.+/) {
- mutate { add_field => { "RequestId" => "%{DID}" } }
- }
- }
-
- } #Close else statement for logback events
-} #Close filter
-
-
-output {
- elasticsearch {
- id => 'onap_es'
-
- ######### Security configurations #########
-
- user => "elastic"
- password => "changeme"
-
- ## The .cer or .pem file to validate the server's certificate
- #cacert => $es_cacert
-
- ## The keystore used to present a certificate to the server. It can be either .jks or .p12
- #keystore => $es_keystore
- #keystore_password => $es_keystore_password
-
- ## Enable SSL/TLS secured communication to Elasticsearch cluster.
- ## Default is not set which in that case depends on the protocol specidfied in hosts list
- #ssl => $es_ssl
-
- ## Option to validate the server's certificate. Default is true
- #ssl_certificate_verification => $es_ssl_certificate_verification
-
- ## The JKS truststore to validate the server's certificate.
- #truststore => $es_truststore
- #truststore_password => $es_truststore_password
-
-
- ######### Elasticsearchcluster and host configurations #########
-
- ##can specify one or a list of hosts. If sniffing is set, one is enough and others will be auto-discovered
- hosts => ["http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}:{{.Values.config.elasticsearchPort}}"]
-
-
- ## This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list. Default is false.
- sniffing => true
-
- ## How long to wait, in seconds, between sniffing attempts. Default is 5 seconds.
- #sniffing_delay => 5
-
- ## Set the address of a forward HTTP proxy.
- #proxy => $es_proxy
-
- ##Use this if you must run Elasticsearch behind a proxy that remaps the root path for the Elasticsearch HTTP API lives
- #path => $es_path
-
- ######### Elasticsearch request configurations #########
-
- ## This setting defines the maximum sized bulk request Logstash will make.
- #flush_size => ?
-
- ######### Document configurations #########
-
- index => "logstash-%{+YYYY.MM.dd}"
- document_type => "logs"
-
- ## This can be used to associate child documents with a parent using the parent ID.
- #parent => "abcd'
- }
-}
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - log-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository| default .Values.loggingRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/logstash/config/
- name: {{ include "common.fullname" . }}-config
- - mountPath: /usr/share/logstash/pipeline/
- name: {{ include "common.fullname" . }}-pipeline
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logstash.yml
- path: logstash.yml
- - name: {{ include "common.fullname" . }}-pipeline
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: onap-pipeline.conf
- path: onap-pipeline.conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-loggingRepository: docker.elastic.co
-image: logstash/logstash:5.4.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: log-es
- elasticsearchPort: 9200
-
-# default number of instances
-# 30+ logs/sec will saturate a single node to 6+ vCores
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: log-ls
- externalPort: 5044
- internalPort: 5044
- nodePort: 55
- type2: ClusterIP
- name2: log-ls-http
- externalPort2: 9600
- internalPort2: 9600
-ingress:
- enabled: false
- service:
- - baseaddr: "logls"
- name: "log-ls"
- port: 5044
- - baseaddr: "loglshttp"
- name: "log-ls"
- port: 9600
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 0.5
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ sysctl -w vm.max_map_count=262144
+ mkdir -p /logroot/elasticsearch/logs
+ mkdir -p /logroot/elasticsearch/data
+ chmod -R 777 /logroot/elasticsearch
+ chown -R root:root /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.name2 }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort2 }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: elasticsearch.yml
+ - mountPath: /usr/share/elasticsearch/data/
+ name: {{ include "common.fullname" . }}-data
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: elasticsearch.yml
+ path: elasticsearch.yml
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-logs
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name2 }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type2 }}
+ ports:
+ {{if eq .Values.service.type2 "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.name2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.name2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: elasticsearch/elasticsearch:5.5.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: log/elasticsearch/data
+ mountSubPathLogs: log
+
+service:
+ type: NodePort
+ name: log-es
+ externalPort: 9200
+ internalPort: 9200
+ nodePort: 54
+ type2: ClusterIP
+ name2: log-es-tcp
+ externalPort2: 9300
+ internalPort2: 9300
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "loges"
+ name: "log-es"
+ port: 9200
+ config:
+ ssl: "none"
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+xpack.graph.enabled: false
+#Set to false to disable X-Pack graph features.
+xpack.ml.enabled: false
+#Set to false to disable X-Pack machine learning features.
+xpack.monitoring.enabled: false
+#Set to false to disable X-Pack monitoring features.
+xpack.reporting.enabled: false
+#Set to false to disable X-Pack reporting features.
+xpack.security.enabled: false
+#Set to false to disable X-Pack security features.
+xpack.watcher.enabled: false
+#Set to false to disable Watcher.
+# Kibana is served by a back end server. This setting specifies the port to use.
+server.port: {{.Values.service.externalPort}}
+
+# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+server.host: "0"
+
+# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
+# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
+# to Kibana. This setting cannot end in a slash.
+#server.basePath: ""
+
+# The maximum payload size in bytes for incoming server requests.
+#server.maxPayloadBytes: 1048576
+
+# The Kibana server's name. This is used for display purposes.
+server.name: "Kibana"
+
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}:{{.Values.config.elasticsearchPort}}"
+# When this setting's value is true Kibana uses the hostname specified in the server.host
+# setting. When the value of this setting is false, Kibana uses the hostname of the host
+# that connects to this Kibana instance.
+#elasticsearch.preserveHost: true
+
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
+# dashboards. Kibana creates a new index if the index doesn't already exist.
+#kibana.index: ".kibana"
+
+# The default application to load.
+#kibana.defaultAppId: "discover"
+
+# If your Elasticsearch is protected with basic authentication, these settings provide
+# the username and password that the Kibana server uses to perform maintenance on the Kibana
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
+# is proxied through the Kibana server.
+elasticsearch.username: "elastic"
+elasticsearch.password: "changeme"
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the Kibana server to the browser.
+#server.ssl.enabled: $server_ssl_enabled
+#server.ssl.certificate: $server_ssl_certificate
+#server.ssl.key: $server_ssl_key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files validate that your Elasticsearch backend uses the same key files.
+#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate
+#elasticsearch.ssl.key: $elasticsearch_ssl_key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your Elasticsearch instance.
+#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode
+
+# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
+# the elasticsearch.requestTimeout setting.
+#elasticsearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
+# must be a positive integer.
+#elasticsearch.requestTimeout: 30000
+
+# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+#elasticsearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
+#elasticsearch.customHeaders: {}
+
+# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+#elasticsearch.shardTimeout: 0
+
+# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
+#elasticsearch.startupTimeout: 5000
+
+# Specifies the path where Kibana creates the process ID file.
+#pid.file: /var/run/kibana.pid
+
+# Enables you specify a file where Kibana stores log output.
+#logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+#logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+#logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+#logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+#ops.interval: 5000
+
+# The default locale. This locale can be used in certain circumstances to substitute any missing
+# translations.
+#i18n.defaultLocale: "en"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - log-elasticsearch
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - args:
+ - --input=/config/kibana-onboarding.json
+ - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.elasticdumpImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-elasticdump
+ volumeMounts:
+ - mountPath: /config/kibana-onboarding.json
+ name: {{ include "common.fullname" . }}
+ subPath: kibana-onboarding.json
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ readinessProbe:
+ httpGet:
+ path: "/"
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: "/"
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/kibana/config/
+ name: {{ include "common.fullname" . }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: kibana.yml
+ path: kibana.yml
+ - key: kibana-onboarding.json
+ path: kibana-onboarding.json
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# Elasticdump image
+elasticdumpImage: taskrabbit/elasticsearch-dump
+
+# application image
+image: kibana/kibana:5.5.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ elasticsearchServiceName: log-es
+ elasticsearchPort: 9200
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 300
+ periodSeconds: 10
+ timeoutSeconds: 1
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 300
+ periodSeconds: 10
+ timeoutSeconds: 1
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: log-kibana
+ externalPort: 5601
+ internalPort: 5601
+ nodePort: 53
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "kibana.api"
+ name: "log-kibana"
+ port: 5601
+ config:
+ ssl: "none"
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+http.host: "0.0.0.0"
+pipeline.workers: 3
+## Path where pipeline configurations reside
+path.config: /usr/share/logstash/pipeline
+
+## Type of queue : memeory based or file based
+#queue.type: persisted
+## Size of queue
+#queue.max_bytes: 1024mb
+## Setting true makes logstash check periodically for change in pipeline configurations
+config.reload.automatic: true
+
+## xpack configurations
+#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
+#xpack.monitoring.elasticsearch.username: elastic
+#xpack.monitoring.elasticsearch.password: changeme
+xpack.monitoring.enabled: false
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+input {
+ beats {
+
+ ## Add a id to plugin configuration. Can be anything unique.
+ id => 'beats_plugin'
+
+ ######## Connection configurations ########
+
+ ## The port to listen on.
+ port => {{.Values.service.externalPort}}
+
+ ## Close Idle clients after the specified time in seconds. Default is 60 seconds
+ #client_inactivity_timeout => 60
+
+ ######## Security configurations ########
+
+ ## Enable encryption. Default false.
+ #ssl => $filebeat_ssl
+
+ ## ssl certificate path.
+ #ssl_certificate => $filebeat_ssl_certificate
+
+ ## SSL key to use.
+ #ssl_key => $filebeat_ssl_key
+
+ ##SSL key passphrase to use.
+ #ssl_key_passphrase => $filebeat_ssl_key_passphrase
+
+ ## Value can be any of: none, peer, force_peer.
+ #ssl_verify_mode => $filebeat_ssl_verify_mode
+
+ ## Time in milliseconds for an incomplete ssl handshake to timeout. Default is 10000 ms.
+ #ssl_handshake_timeout => 10000
+ include_codec_tag => false
+ }
+}
+
+
+filter {
+ grok {
+ break_on_match => false
+ match => {
+ "source" => ["/var/log/onap/(?<componentName>[^/]+)/",
+ "/var/log/onap/%{GREEDYDATA:componentLogFile}"
+ ]
+ }
+ }
+
+ # Filter for log4j xml events
+ if "</log4j:event>" in [message] {
+
+ #mutate { add_field => { "orgmsg_log4j" => "%{message}" } } # Copy of orginal msg for debug
+
+ #Filter to parse xml event and retrieve data
+ xml {
+ source => "message"
+ store_xml => false
+ remove_namespaces => true
+ target => "xml_content"
+ xpath => [ "/event/message/text()", "logmsg" ,
+ "/event/@logger", "Logger",
+ "/event/@timestamp", "Timestamp",
+ "/event/@level", "loglevel",
+ "/event/@thread", "Thread",
+ "/event/throwable/text()", "Exceptionthrowable",
+ "/event/NDC/text()", "NDCs",
+ "/event/properties/data/@name","mdcname",
+ "/event/properties/data/@value","mdcvalue"]
+
+ }
+
+ #Ruby filter to iterate and separate MDCs into documents
+ ruby {
+ code => '
+ $i = 0
+ $num = 0
+ if event.get("[mdcname]")
+ $num = event.get("[mdcname]").length
+ end
+ if $num != 0
+ until $i > $num do
+ if event.get("[mdcname]").at($i) and event.get("[mdcvalue]").at($i)
+ event.set(event.get("[mdcname]").at($i), event.get("[mdcvalue]").at($i))
+ end
+ $i=$i+1
+ end
+ end
+ '
+ }
+
+ #Validations
+ if [Exceptionthrowable]
+ {
+ mutate {
+ replace => {
+ "exceptionmessage" => "%{[Exceptionthrowable]}"
+ }
+ }
+ }
+
+ if [NDCs]
+ {
+ mutate {
+ replace => {
+ "NDC" => "%{[NDCs]}"
+ }
+ }
+ }
+
+ mutate {
+ replace => {
+ "Logger" =>"%{[Logger]}"
+ "logmsg" =>"%{[logmsg]}"
+ "Timestamp" =>"%{[Timestamp]}"
+ "loglevel" =>"%{[loglevel]}"
+ "message" => "%{logmsg}"
+ "Thread" => "%{[Thread]}"
+ }
+ remove_field => ["mdcname", "mdcvalue", "logmsg","Exceptionthrowable","NDCs"]
+ }
+
+ if [Timestamp]
+ {
+ date {
+ match => ["Timestamp", "UNIX_MS"]
+ target => "Timestamp"
+ }
+ }
+ }
+ # Filter for logback events
+ else {
+
+ #mutate { add_field => { "orgmsg" => "%{message}" } } # Copy of orginal msg for debug
+
+ mutate {
+ gsub => [
+ 'message', ' = ', '=',
+ 'message', '= ', '=null',
+ 'message', '=\t', '=null ', #This null is followed by a tab
+ 'message', '\t$', '\t'
+ ]
+ }
+ # The grok below parses the message field for all current logback patterns used by oom components.
+ # Example logback pattern: %d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg
+ # Example grok pattern: %{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}
+ # Use the following command to find all logback patterns in oom directory: find oom -name "logback*xml" -exec grep "property.*attern.*value" {} \;|sort|uniq
+ grok {
+ match => {
+ "message" => [
+ "%{TIMESTAMP_ISO8601:Timestamp}\\t[%{GREEDYDATA:Thread}]\\t%{GREEDYDATA:loglevel}\\t%{JAVACLASS:Logger}\\t%{GREEDYDATA:MDCs}\\t%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:TargetVirtualEntity}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Timer}\|\[%{GREEDYDATA:caller}\]\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:ErrorCode}\|%{GREEDYDATA:ErrorDesc}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ClassName}\|%{GREEDYDATA:message}",
+ "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}",
+ "\[%{TIMESTAMP_ISO8601:Timestamp}\|%{LOGLEVEL:loglevel}\|%{GREEDYDATA:Logger}\|%{GREEDYDATA:Thread}\] %{GREEDYDATA:message}"
+ ]
+ }
+ overwrite => ["message"]
+ }
+ # The MDCs are key value pairs that are seperated by "," or "\t". Extra space characters are trimmed from the keys and values.
+ kv {
+ source => "MDCs"
+ field_split => ",\t"
+ trim_key => "\s"
+ trim_value => "\s"
+ remove_field => [ "MDCs" ]
+ }
+
+ if (![Timestamp] and [EndTimestamp]) {
+ mutate { add_field => { "Timestamp" => "%{EndTimestamp}" } }
+ }
+ date {
+ match => [ "Timestamp", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS" ]
+ target => "Timestamp"
+ }
+
+ mutate {
+ remove_field => ["DuplicateRequestID", "Unknown1", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Unknown6", "Unknown7", "Unknown8"]
+ }
+
+ if ([source] == "/var/log/onap/sdc/sdc-be/audit.log") {
+ #Parse kvps in message
+ kv {
+ field_split => "\s"
+ trim_key => "\s"
+ trim_value => "\s"
+ }
+
+ #If Request Id is missing and DID is present use as RequestId
+ if (![RequestId] and [DID] =~ /.+/) {
+ mutate { add_field => { "RequestId" => "%{DID}" } }
+ }
+ }
+
+ } #Close else statement for logback events
+} #Close filter
+
+
+output {
+ elasticsearch {
+ id => 'onap_es'
+
+ ######### Security configurations #########
+
+ user => "elastic"
+ password => "changeme"
+
+ ## The .cer or .pem file to validate the server's certificate
+ #cacert => $es_cacert
+
+ ## The keystore used to present a certificate to the server. It can be either .jks or .p12
+ #keystore => $es_keystore
+ #keystore_password => $es_keystore_password
+
+ ## Enable SSL/TLS secured communication to Elasticsearch cluster.
+ ## Default is not set which in that case depends on the protocol specidfied in hosts list
+ #ssl => $es_ssl
+
+ ## Option to validate the server's certificate. Default is true
+ #ssl_certificate_verification => $es_ssl_certificate_verification
+
+ ## The JKS truststore to validate the server's certificate.
+ #truststore => $es_truststore
+ #truststore_password => $es_truststore_password
+
+
+ ######### Elasticsearchcluster and host configurations #########
+
+ ##can specify one or a list of hosts. If sniffing is set, one is enough and others will be auto-discovered
+ hosts => ["http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}:{{.Values.config.elasticsearchPort}}"]
+
+
+ ## This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list. Default is false.
+ sniffing => true
+
+ ## How long to wait, in seconds, between sniffing attempts. Default is 5 seconds.
+ #sniffing_delay => 5
+
+ ## Set the address of a forward HTTP proxy.
+ #proxy => $es_proxy
+
+ ##Use this if you must run Elasticsearch behind a proxy that remaps the root path for the Elasticsearch HTTP API lives
+ #path => $es_path
+
+ ######### Elasticsearch request configurations #########
+
+ ## This setting defines the maximum sized bulk request Logstash will make.
+ #flush_size => ?
+
+ ######### Document configurations #########
+
+ index => "logstash-%{+YYYY.MM.dd}"
+ document_type => "logs"
+
+ ## This can be used to associate child documents with a parent using the parent ID.
+ #parent => "abcd'
+ }
+}
+
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - log-elasticsearch
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.name2 }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/logstash/config/
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /usr/share/logstash/pipeline/
+ name: {{ include "common.fullname" . }}-pipeline
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logstash.yml
+ path: logstash.yml
+ - name: {{ include "common.fullname" . }}-pipeline
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: onap-pipeline.conf
+ path: onap-pipeline.conf
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name2 }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type2 }}
+ ports:
+ {{if eq .Values.service.type2 "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.name2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.name2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: logstash/logstash:5.4.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ elasticsearchServiceName: log-es
+ elasticsearchPort: 9200
+
+# default number of instances
+# 30+ logs/sec will saturate a single node to 6+ vCores
+replicaCount: 3
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: log-ls
+ externalPort: 5044
+ internalPort: 5044
+ nodePort: 55
+ type2: ClusterIP
+ name2: log-ls-http
+ externalPort2: 9600
+ internalPort2: 9600
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "logls"
+ name: "log-ls"
+ port: 5044
+ - baseaddr: "loglshttp"
+ name: "log-ls"
+ port: 9600
+ config:
+ ssl: "none"
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: log-elasticsearch
+ version: ~6.x-0
+ repository: 'file://components/log-elasticsearch'
+ - name: log-kibana
+ version: ~6.x-0
+ repository: 'file://components/log-kibana'
+ - name: log-logstash
+ version: ~6.x-0
+ repository: 'file://components/log-logstash'
+
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
-# Copyright © 2020 Samsung Electrinics
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-modeling: make-modeling-etsicatalog
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
-make-modeling-etsicatalog:
- cd charts && helm dep up modeling-etsicatalog && helm lint modeling-etsicatalog
clean:
- @find . -type f -name '*.tgz' -delete
- @find . -type f -name '*.lock' -delete
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2020 Samung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
- - name: mariadb-galera
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - modeling-mariadb
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
- - /bin/sh
- - -c
- - chown -R 1000:1000 /service/modeling/etsicatalog/static
- image: "{{ include "common.repository" . }}/{{ .Values.initImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-init
- volumeMounts:
- - name: {{ include "common.fullname" . }}-etsicatalog
- mountPath: /service/modeling/etsicatalog/static
- containers:
- - name: {{ include "common.name" . }}
- command:
- - bash
- args:
- - -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbProtocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-etsicatalog
- mountPath: /service/modeling/etsicatalog/static
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/modeling/etsicatalog/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-etsicatalog
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-modeling-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "parser",
- "version": "v1",
- "url": "/api/parser/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- },
- {
- "serviceName": "catalog",
- "version": "v1",
- "url": "/api/catalog/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- },
- {
- "serviceName": "nsd",
- "version": "v1",
- "url": "/api/nsd/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- },
- {
- "serviceName": "vnfpkgm",
- "version": "v1",
- "url": "/api/vnfpkgm/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
- config:
- ssl_enabled: false
- msbProtocol: https
- msbServiceName: msb-iag
- msbPort: 443
-
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
-
-#################################################################
-# Dependencies configuration
-#################################################################
-
-mariadb-galera:
- nameOverride: modeling-mariadb
- service:
- name: modeling-db
- portName: modeling-db
- internalPort: 3306
- nfsprovisionerPrefix: modeling
- persistence:
- mountSubPath: modeling/data
- enabled: true
- disableNfsProvisioner: true
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.6
-initImage: busybox:latest
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: modeling/etsicatalog
-
-service:
- type: ClusterIP
- name: modeling-etsicatalog
- portName: modeling-etsicatalog
- externalPort: 8806
- internalPort: 8806
-# nodePort: 30806
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~6.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/server/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-modeling-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-job-readiness
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
+ - command:
+ - /bin/sh
+ - -c
+ - chown -R 1000:1000 /service/modeling/etsicatalog/static
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-init
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-etsicatalog
+ mountPath: /service/modeling/etsicatalog/static
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
+ - name: MSB_ENABLED
+ value: "{{ .Values.config.msb_enabled }}"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+ - name: SDC_ADDR
+ value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}"
+ - name: DMAAP_ENABLED
+ value: "{{ .Values.config.dmaap_enabled }}"
+ - name: DMAAP_ADDR
+ value: "{{ .Values.config.dmaapProtocol }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}"
+ - name: DB_IP
+ value: "{{ include "common.mariadbService" . }}"
+ - name: DB_PORT
+ value: "{{ include "common.mariadbPort" . }}"
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }}
+ - name: DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-etsicatalog
+ mountPath: /service/modeling/etsicatalog/static
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/modeling/etsicatalog/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-etsicatalog
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-modeling-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "parser",
+ "version": "v1",
+ "url": "/api/parser/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "visualRange":"1"
+ },
+ {
+ "serviceName": "catalog",
+ "version": "v1",
+ "url": "/api/catalog/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "visualRange":"1"
+ },
+ {
+ "serviceName": "nsd",
+ "version": "v1",
+ "url": "/api/nsd/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "visualRange":"1"
+ },
+ {
+ "serviceName": "vnfpkgm",
+ "version": "v1",
+ "url": "/api/vnfpkgm/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ mariadbGalera:
+ #This flag allows Modeling to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+readinessCheck:
+ wait_for:
+ msb:
+ name: msb
+ containers:
+ - msb-iag
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: modeling-db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+
+#################################################################
+# Dependencies configuration
+#################################################################
+
+mariadb-galera:
+ config: &mariadbConfig
+ userCredentialsExternalSecret: *dbSecretName
+ mysqlDatabase: etsicatalog
+ nameOverride: modeling-db
+ service:
+ name: modeling-db
+ portName: modeling-db
+ internalPort: 3306
+ nfsprovisionerPrefix: modeling
+ persistence:
+ mountSubPath: modeling/data
+ enabled: true
+ disableNfsProvisioner: true
+
+mariadb-init:
+ config: *mariadbConfig
+ # nameOverride should be the same with common.name
+ nameOverride: modeling-etsicatalog
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ #application configuration about msb
+ ssl_enabled: false
+ msb_enabled: false
+ msbProtocol: https
+ msbServiceName: msb-iag
+ msbPort: 443
+ sdcProtocol: https
+ sdcServiceName: sdc-be
+ sdcPort: 8443
+ dmaap_enabled: false
+ dmaapProtocol: https
+ dmaapServiceName: message-router-external
+ dmaapPort: 3905
+
+ #application configuration user password about mariadb
+ db:
+ userName: etsicatalog
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
+
+# application image
+flavor: small
+
+image: onap/modeling/etsicatalog:1.0.9
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: modeling/etsicatalog
+
+service:
+ type: ClusterIP
+ name: modeling-etsicatalog
+ portName: modeling-etsicatalog
+ externalPort: 8806
+ internalPort: 8806
+# nodePort: 30806
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
# limitations under the License.
dependencies:
- - name: common
+ - name: modeling-etsicatalog
version: ~6.x-0
- repository: '@local'
+ repository: 'file://components/modeling-etsicatalog'
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-modeling-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
--- /dev/null
+#!/usr/bin/dumb-init /bin/sh
+set -e
+set -x
+
+# Note above that we run dumb-init as PID 1 in order to reap zombie processes
+# as well as forward signals to all processes in its session. Normally, sh
+# wouldn't do either of these functions so we'd leak zombies as well as do
+# unclean termination of all our sub-processes.
+# As of docker 1.13, using docker run --init achieves the same outcome.
+
+# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
+# bind to and this will look up the IP and pass the proper -bind= option along
+# to Consul.
+CONSUL_BIND=
+if [ -n "$CONSUL_BIND_INTERFACE" ]; then
+ CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
+ if [ -z "$CONSUL_BIND_ADDRESS" ]; then
+ echo "Could not find IP for interface '$CONSUL_BIND_INTERFACE', exiting"
+ exit 1
+ fi
+
+ CONSUL_BIND="-bind=$CONSUL_BIND_ADDRESS"
+ echo "==> Found address '$CONSUL_BIND_ADDRESS' for interface '$CONSUL_BIND_INTERFACE', setting bind option..."
+fi
+
+# You can set CONSUL_CLIENT_INTERFACE to the name of the interface you'd like to
+# bind client intefaces (HTTP, DNS, and RPC) to and this will look up the IP and
+# pass the proper -client= option along to Consul.
+CONSUL_CLIENT=
+if [ -n "$CONSUL_CLIENT_INTERFACE" ]; then
+ CONSUL_CLIENT_ADDRESS=$(ip -o -4 addr list $CONSUL_CLIENT_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
+ if [ -z "$CONSUL_CLIENT_ADDRESS" ]; then
+ echo "Could not find IP for interface '$CONSUL_CLIENT_INTERFACE', exiting"
+ exit 1
+ fi
+
+ CONSUL_CLIENT="-client=$CONSUL_CLIENT_ADDRESS"
+ echo "==> Found address '$CONSUL_CLIENT_ADDRESS' for interface '$CONSUL_CLIENT_INTERFACE', setting client option..."
+fi
+
+# CONSUL_DATA_DIR is exposed as a volume for possible persistent storage. The
+# CONSUL_CONFIG_DIR isn't exposed as a volume but you can compose additional
+# config files in there if you use this image as a base, or use CONSUL_LOCAL_CONFIG
+# below.
+CONSUL_DATA_DIR=/consul/data
+CONSUL_CONFIG_DIR=/consul/config
+
+# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
+# Consul configuration JSON without having to bind any volumes.
+if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
+ echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
+fi
+
+# If the user is trying to run Consul directly with some arguments, then
+# pass them to Consul.
+if [ "${1:0:1}" = '-' ]; then
+ set -- consul "$@"
+fi
+
+# Look for Consul subcommands.
+if [ "$1" = 'agent' ]; then
+ shift
+ set -- consul agent \
+ -data-dir="$CONSUL_DATA_DIR" \
+ -config-dir="$CONSUL_CONFIG_DIR" \
+ $CONSUL_BIND \
+ $CONSUL_CLIENT \
+ "$@"
+elif [ "$1" = 'version' ]; then
+ # This needs a special case because there's no help output.
+ set -- consul "$@"
+elif consul --help "$1" 2>&1 | grep -q "consul $1"; then
+ # We can't use the return code to check for the existence of a subcommand, so
+ # we have to use grep to look for a pattern in the help output.
+ set -- consul "$@"
+fi
+
+# If we are running Consul, make sure it executes as the proper user.
+if [ "$1" = 'consul' ]; then
+ # If the data or config dirs are bind mounted then chown them.
+ # Note: This checks for root ownership as that's the most common case.
+ if [ "$(stat -c %u /consul/data)" != "$(id -u consul)" ]; then
+ chown consul:consul /consul/data
+ fi
+ if [ "$(stat -c %u /consul/config)" != "$(id -u consul)" ]; then
+ chown consul:consul /consul/config
+ fi
+
+ # If requested, set the capability to bind to privileged ports before
+ # we drop to the non-root user. Note that this doesn't work with all
+ # storage drivers (it won't work with AUFS).
+ if [ ! -z ${CONSUL_ALLOW_PRIVILEGED_PORTS+x} ]; then
+ setcap "cap_net_bind_service=+ep" /bin/consul
+ fi
+
+# Instead of using this we run our pod as a non-root user.
+# set -- su-exec consul:consul "$@"
+fi
+
+exec "$@"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-entrypoint
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
- name: {{ include "common.name" . }}
image: "{{ .Values.global.dockerHubRepository | default .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - "agent"
+ - "-dev"
+ - "-client"
+ - "0.0.0.0"
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /usr/local/bin/docker-entrypoint.sh
+ name: entrypoint
+ subPath: docker-entrypoint.sh
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: localtime
hostPath:
path: /etc/localtime
+ - name: entrypoint
+ configMap:
+ name: {{ include "common.fullname" . }}-entrypoint
+ defaultMode: 0777
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
# Application configuration defaults.
#################################################################
# application image
-dockerHubRepository: registry.hub.docker.com
+dockerHubRepository: docker.io
image: library/consul:1.4.3
pullPolicy: Always
istioSidecar: true
cpu: 20m
memory: 100Mi
unlimited: {}
+
+securityContext:
+ fsGroup: 1000
+ runAsUser: 100
+ runAsGroup: 1000
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-consul
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
serviceAccountName: msb
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- msb-discovery
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
+ readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2018 Amdocs, Bell Canada , ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
metadata:
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ServiceAccount
metadata:
-# Copyright 2019 Intel Corporation, Inc
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-multicloud: make-multicloud-k8s
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
-make-multicloud-k8s:
- cd charts && helm dep up multicloud-k8s && helm lint multicloud-k8s
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-version: 1
-disable_existing_loggers: False
-
-loggers:
- vio:
- handlers: [azure_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vio_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/azure/azure.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: azure-log
- - mountPath: /opt/multicloud_azure/multicloud_azure/pub/config/log.yml
- name: azure-logconfig
- subPath: log.yml
- resources:
-{{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-azure/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
- # side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: azure-log
- - mountPath: /usr/share/filebeat/data
- name: azure-data-filebeat
- volumes:
- - name: azure-log
- emptyDir: {}
- - name: azure-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: azure-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/azure:1.2.4
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# application configuration
-config:
- msbgateway: msb-iag
- msbPort: 80
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- portName: multicloud-azure
- externalPort: 9008
- internalPort: 9008
- nodePort: 61
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
+++ /dev/null
-# Copyright (c) 2019, CMCC Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-version: 1
-disable_existing_loggers: False
-
-loggers:
- fcaps:
- handlers: [fcaps_handler]
- level: "DEBUG"
- propagate: False
- newton_base:
- handlers: [fcaps_handler]
- level: "DEBUG"
- propagate: False
- common:
- handlers: [fcaps_handler]
- level: "DEBUG"
- propagate: False
-
-handlers:
- fcaps_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-{{/*
-# Copyright (c) 2019, CMCC Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- - name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: fcaps-log
- - mountPath: /opt/fcaps/fcaps/pub/config/log.yml
- name: fcaps-logconfig
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-fcaps/v1/healthcheck
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- # side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: fcaps-log
- - mountPath: /usr/share/filebeat/data
- name: fcaps-data-filebeat
- - image: {{ .Values.rabbitmq }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: rabbit-mq
-
- volumes:
- - name: fcaps-log
- emptyDir: {}
- - name: fcaps-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: fcaps-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-# Copyright (c) 2019, CMCC Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-fcaps:1.5.5
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: false
-
-# application configuration
-config:
- ssl_enabled: true
- msbprotocol: https
- msbgateway: msb-iag
- msbPort: 443
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- name: multicloud-fcaps
- portName: multicloud-fcaps
- externalPort: 9011
- internalPort: 9011
- nodePort: 87
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
-
-# rabbit-mq image resource
-rabbitmq: rabbitmq:alpine
+++ /dev/null
-# Copyright 2019 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: mongo
- version: ~6.x-0
- repository: '@local'
- - name: etcd
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-{
- "name":"SDCDistributionGroup",
- "restServerParameters":{
- "host":"0.0.0.0",
- "port":9014,
- "userName":"healthcheck",
- "password":"zb!XztG34",
- "https":true
- },
- "receptionHandlerParameters":{
- "SDCReceptionHandler":{
- "receptionHandlerType":"SDC",
- "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler",
- "receptionHandlerConfigurationName":"sdcConfiguration",
- "pluginHandlerParameters":{
- "artifactForwarders":{
- "PAPEngineForwarder":{
- "forwarderType":"PAPEngine",
- "forwarderClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarder",
- "forwarderConfigurationName": "k8sConfiguration"
- }
- }
- }
- }
- },
- "receptionHandlerConfigurationParameters":{
- "sdcConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
- "parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
- "messageBusAddress": [
- "message-router.{{ include "common.namespace" . }}"
- ],
- "user": "multicloud",
- "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
- "pollingInterval":20,
- "pollingTimeout":30,
- "consumerId": "multicloud-k8s-id",
- "artifactTypes": [
- "TOSCA_CSAR",
- "HEAT",
- "HEAT_ARTIFACT",
- "HEAT_ENV",
- "HEAT_NESTED",
- "HEAT_VOL",
- "OTHER",
- "VF_MODULES_METADATA",
- "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT"
- ],
- "consumerGroup": "multicloud-k8s-group",
- "environmentName": "AUTO",
- "keystorePath": "null",
- "keystorePassword": "null",
- "activeserverTlsAuth": false,
- "isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
- }
- }
- },
- "artifactForwarderConfigurationParameters":{
- "k8sConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup",
- "parameters":{
- "useHttps": true,
- "hostname": "pdp",
- "port": 8081,
- "userName": "testpdp",
- "password": "alpha123",
- "clientAuth": "cHl0aG9uOnRlc3Q=",
- "isManaged": true,
- "pdpGroup": "default"
- }
- }
- }
-}
+++ /dev/null
-{{/*
-# Copyright 2019 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- command: ["/opt/multicloud/k8splugin/k8plugin"]
- workingDir: /opt/multicloud/k8splugin
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/multicloud/k8splugin/k8sconfig.json
- name: {{ include "common.name" .}}
- subPath: k8sconfig.json
- resources:
-{{ include "common.resources" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}"
- name: framework-artifactbroker
- command: ["/opt/app/distribution/bin/artifact-dist.sh"]
- args: ["/opt/app/distribution/etc/mounted/config.json"]
- ports:
- - containerPort: {{ .Values.artifactbroker.internalPort }}
- protocol: TCP
- volumeMounts:
- - mountPath: /opt/app/distribution/etc/mounted/config.json
- name: {{ include "common.name" .}}
- subPath: config.json
- - mountPath: /data
- name: artifact-data
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name : {{ include "common.name" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- - name: artifact-data
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright 2019 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/k8s:0.6.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration is via config files
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 30
-
-service:
- type: ClusterIP
- name: multicloud-k8s
- portName: multicloud-k8s
- internalPort: 9015
- externalPort: 9015
- nodePort: 98
-
-#Mongo chart overrides for k8splugin
-mongo:
- nameOverride: multicloud-k8s-mongo
- service:
- name: multicloud-k8s-mongo
- internalPort: 27017
- nfsprovisionerPrefix: multicloud-k8s
- sdnctlPrefix: multicloud-k8s
- persistence:
- mountSubPath: multicloud-k8s/mongo/data
- enabled: true
- disableNfsProvisioner: true
-
-#etcd chart overrides for k8splugin
-etcd:
- nameOverride: multicloud-k8s-etcd
- service:
- name: multicloud-k8s-etcd
- persistence:
- mountSubPath: multicloud-k8s/etcd/data
- enabled: true
-
-# No persistence right now as we rely on Mongo to handle that
-persistence:
- enabled: false
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: multicloud-k8s/data
-
-ingress:
- enabled: false
-
-artifactbroker:
- internalPort: 9014
-
-# Configure resource requests and limits
-flavor: large
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-# Copyright (c) 2018 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-version: 1
-disable_existing_loggers: False
-
-loggers:
- pike:
- handlers: [pike_handler]
- level: "DEBUG"
- propagate: False
- newton_base:
- handlers: [pike_handler]
- level: "DEBUG"
- propagate: False
- common:
- handlers: [pike_handler]
- level: "DEBUG"
- propagate: False
-
-handlers:
- pike_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/openstack/pike/pike.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-{{/*
-# Copyright (c) 2018 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: pike-log
- - mountPath: /opt/pike/pike/pub/config/log.yml
- name: pike-logconfig
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-pike/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- # side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: pike-log
- - mountPath: /usr/share/filebeat/data
- name: pike-data-filebeat
-
- volumes:
- - name: pike-log
- emptyDir: {}
- - name: pike-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: pike-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-# Copyright (c) 2018 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.5.5
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# application configuration
-config:
- msbgateway: msb-iag
- msbPort: 80
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- name: multicloud-pike
- portName: multicloud-pike
- externalPort: 9007
- internalPort: 9007
- nodePort: 96
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.alertmanager.enabled -}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}-configmap-reload
- image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - --volume-dir=/etc/config
- - --webhook-url=http://localhost:9093/-/reload
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /etc/config
- readOnly: true
-
- - name: {{ include "common.name" . }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - --config.file=/etc/config/alertmanager.yml
- - --storage.path={{ .Values.persistence.containerMountPath }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if .Values.readiness.enabled }}
- readinessProbe:
- httpGet:
- path: /#/status
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- {{ end -}}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /etc/config
- - name: {{ include "common.fullname" . }}-storage
- mountPath: {{ .Values.persistence.containerMountPath }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-storage
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.grafana.enabled -}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- {{- if .Values.dashboards }}
- initContainers:
- - name: {{ include "common.name" . }}-download-dashboards
- image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["sh", "/etc/grafana/download_dashboards.sh"]
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: "/etc/grafana/download_dashboards.sh"
- subPath: download_dashboards.sh
- - name: {{ include "common.fullname" . }}-storage
- mountPath: {{ .Values.persistence.containerMountPath }}
- {{- end }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- protocol: TCP
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/health
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- {{- if .Values.readiness.enabled }}
- readinessProbe:
- httpGet:
- path: /api/health
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- {{ end -}}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: "/etc/grafana/grafana.ini"
- subPath: grafana.ini
- - name: {{ include "common.fullname" . }}-storage
- mountPath: {{ .Values.persistence.containerMountPath }}
- {{- if .Values.dashboards }}
- {{- range $provider, $dashboards := .Values.dashboards }}
- {{- range $key, $value := $dashboards }}
- {{- if hasKey $value "json" }}
- - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
- mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
- subPath: "{{ $key }}.json"
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end -}}
- {{- if .Values.datasources }}
- - name: {{ include "common.fullname" . }}-config
- mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
- subPath: datasources.yaml
- {{- end }}
- {{- if .Values.dashboardProviders }}
- - name: {{ include "common.fullname" . }}-config
- mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
- subPath: dashboardproviders.yaml
- {{- end }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-storage
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- if .Values.dashboards }}
- {{- range keys .Values.dashboards }}
- - name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
- configMap:
- name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
- {{- end }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{- end -}}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- initContainers:
- - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown-init
- command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"]
- volumeMounts:
- - name: {{ include "common.fullname" . }}-storage
- mountPath: {{ .Values.persistence.containerMountPath }}
- containers:
- - name: {{ include "common.name" . }}-configmap-reload
- image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - --volume-dir=/etc/config
- - --webhook-url=http://localhost:9090/-/reload
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /etc/config
- readOnly: true
-
- - name: {{ include "common.name" . }}-server
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args:
- - --config.file=/etc/config/prometheus.yml
- - --storage.tsdb.path={{ .Values.persistence.containerMountPath }}
- - --web.console.libraries=/etc/prometheus/console_libraries
- - --web.console.templates=/etc/prometheus/consoles
- - --web.enable-lifecycle
- {{- if .Values.server.enableAdminApi }}
- - --web.enable-admin-api
- {{- end }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /-/healthy
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- {{- if .Values.readiness.enabled }}
- readinessProbe:
- httpGet:
- path: /-/ready
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- {{ end -}}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /etc/config
- - name: {{ include "common.fullname" . }}-storage
- mountPath: {{ .Values.persistence.containerMountPath }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-storage
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.prometheus.enabled -}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.portName }}
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
- {{- else -}}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- protocol: TCP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
-
-{{- end -}}
\ No newline at end of file
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
- alertmanager:
- enabled: false
- grafana:
- enabled: false
- configmapReload:
- image:
- repository: jimmidyson/configmap-reload
- tag: v0.2.2
- persistence: {}
-
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#Server Configuration
-image:
- repository: prom/prometheus
- tag: v2.4.0
-
-server:
- enableAdminApi: false
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 8Gi
- mountPath: /dockerdata-nfs
- mountSubPath: multicloud/prometheus/server
- containerMountPath: /prometheus/data
-
-#Service configuration for this chart
-service:
- type: ClusterIP
- name: multicloud-prometheus
- portName: multicloud-prometheus
- internalPort: 9090
- externalPort: 9090
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 30
- enabled: true
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-ingress:
- enabled: false
-
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright (c) 2019 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP multicloud OpenStack Starlingx Plugin
-name: multicloud-starlingx
-version: 3.0.0
+++ /dev/null
-# Copyright (c) 2019 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-version: 1
-disable_existing_loggers: False
-
-loggers:
- starlingx_base:
- handlers: [starlingx_handler]
- level: "DEBUG"
- propagate: False
- starlingx:
- handlers: [starlingx_handler]
- level: "DEBUG"
- propagate: False
- newton_base:
- handlers: [starlingx_handler]
- level: "DEBUG"
- propagate: False
- common:
- handlers: [starlingx_handler]
- level: "DEBUG"
- propagate: False
-
-handlers:
- starlingx_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-{{/*
-# Copyright (c) 2019 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- - name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: starlingx-log
- - mountPath: /opt/starlingx/starlingx/pub/config/log.yml
- name: starlingx-logconfig
- subPath: log.yml
- - mountPath: /opt/artifacts/
- name: artifact-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-starlingx/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- # side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: starlingx-log
- - mountPath: /usr/share/filebeat/data
- name: starlingx-data-filebeat
- - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}"
- name: framework-artifactbroker
- command: ["/opt/app/distribution/bin/artifact-dist.sh"]
- args: ["/opt/app/distribution/etc/mounted/config.json"]
- ports:
- - containerPort: 9014
- protocol: TCP
- volumeMounts:
- - mountPath: /opt/app/distribution/etc/mounted/config.json
- name: starlingx-logconfig
- subPath: config.json
- - mountPath: /data
- name: artifact-data
-
- volumes:
- - name: starlingx-log
- emptyDir: {}
- - name: starlingx-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: starlingx-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: artifact-data
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-# Copyright (c) 2019 Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.5
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: false
-
-# application configuration
-config:
- ssl_enabled: true
- msbprotocol: https
- msbgateway: msb-iag
- msbPort: 443
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- name: multicloud-starlingx
- portName: multicloud-starlingx
- externalPort: 9009
- internalPort: 9009
- nodePort: 85
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-version: 1
-disable_existing_loggers: False
-
-loggers:
- vio:
- handlers: [vio_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vio_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/vio/vio.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: vio-log
- - mountPath: /opt/vio/vio/pub/config/log.yml
- name: vio-logconfig
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-vio/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
- # side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: vio-log
- - mountPath: /usr/share/filebeat/data
- name: vio-data-filebeat
- volumes:
- - name: vio-log
- emptyDir: {}
- - name: vio-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: vio-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/vio:1.4.1
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# application configuration
-config:
- msbgateway: msb-iag
- msbPort: 80
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- name: multicloud-vio
- portName: multicloud-vio
- externalPort: 9004
- internalPort: 9004
- nodePort: 92
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-version: 1
-disable_existing_loggers: False
-
-loggers:
- titanium_cloud:
- handlers: [titanium_cloud_handler]
- level: "DEBUG"
- propagate: False
- newton_base:
- handlers: [titanium_cloud_handler]
- level: "DEBUG"
- propagate: False
- common:
- handlers: [titanium_cloud_handler]
- level: "DEBUG"
- propagate: False
-
-handlers:
- titanium_cloud_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command: ["sh", "-c", "chown -R 100:101 /data"]
- image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-init
- volumeMounts:
- - mountPath: /data
- name: artifact-data
- containers:
- - env:
- - name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- - name: SSL_ENABLED
- value: "{{ .Values.config.ssl_enabled }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: windriver-log
- - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml
- name: windriver-logconfig
- subPath: log.yml
- - mountPath: /opt/artifacts/
- name: artifact-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-titaniumcloud/v1/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- # side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: windriver-log
- - mountPath: /usr/share/filebeat/data
- name: windriver-data-filebeat
- - image: "{{ include "common.repository" . }}/{{ .Values.global.artifactImage }}"
- name: framework-artifactbroker
- command: ["/opt/app/distribution/bin/artifact-dist.sh"]
- args: ["/opt/app/distribution/etc/mounted/config.json"]
- ports:
- - containerPort: 9014
- protocol: TCP
- volumeMounts:
- - mountPath: /opt/app/distribution/etc/mounted/config.json
- name: windriver-logconfig
- subPath: config.json
- - mountPath: /data
- name: artifact-data
-
- volumes:
- - name: windriver-log
- emptyDir: {}
- - name: windriver-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: windriver-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: artifact-data
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- ubuntuInitRepository: oomk8s
- ubuntuInitImage: ubuntu-init:1.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.5.5
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# application configuration
-config:
- ssl_enabled: true
- msbprotocol: https
- msbgateway: msb-iag
- msbPort: 443
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-service:
- type: ClusterIP
- name: multicloud-titaniumcloud
- portName: multicloud-titaniumcloud
- externalPort: 9005
- internalPort: 9005
- nodePort: 94
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-ingress:
- enabled: false
-
-persistence:
- enabled: true
- mountPath: /dockerdata-nfs
- mountSubPath: multicloud-windriver/data
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 5Gi
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ vio:
+ handlers: [azure_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ vio_handler:
+ level: "DEBUG"
+ class: "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/multicloud/azure/azure.log"
+ formatter: "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ mdcFormat:
+ format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - env:
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
+ - name: AAI_ADDR
+ value: aai.{{ include "common.namespace" . }}
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.port }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: azure-log
+ - mountPath: /opt/multicloud_azure/multicloud_azure/pub/config/log.yml
+ name: azure-logconfig
+ subPath: log.yml
+ resources:
+{{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-azure/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end -}}
+ # side car containers
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat-onap
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ - mountPath: /var/log/onap
+ name: azure-log
+ - mountPath: /usr/share/filebeat/data
+ name: azure-data-filebeat
+ volumes:
+ - name: azure-log
+ emptyDir: {}
+ - name: azure-data-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: multicloud-filebeat-configmap
+ - name: azure-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/multicloud/azure:1.2.4
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# application configuration
+config:
+ msbgateway: msb-iag
+ msbPort: 80
+ aai:
+ port: 8443
+ schemaVersion: v13
+ username: AAI
+ password: AAI
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ enabled: true
+
+service:
+ type: ClusterIP
+ portName: multicloud-azure
+ externalPort: 9008
+ internalPort: 9008
+ nodePort: 61
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright (c) 2019, CMCC Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ fcaps:
+ handlers: [fcaps_handler]
+ level: "DEBUG"
+ propagate: False
+ newton_base:
+ handlers: [fcaps_handler]
+ level: "DEBUG"
+ propagate: False
+ common:
+ handlers: [fcaps_handler]
+ level: "DEBUG"
+ propagate: False
+
+handlers:
+ fcaps_handler:
+ level: "DEBUG"
+ class: "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log"
+ formatter: "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ mdcFormat:
+ format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright (c) 2019, CMCC Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: {{ .Values.config.msbprotocol }}
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: aai.{{ include "common.namespace" . }}
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.port }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: fcaps-log
+ - mountPath: /opt/fcaps/fcaps/pub/config/log.yml
+ name: fcaps-logconfig
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-fcaps/v1/healthcheck
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ # side car containers
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat-onap
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ - mountPath: /var/log/onap
+ name: fcaps-log
+ - mountPath: /usr/share/filebeat/data
+ name: fcaps-data-filebeat
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: rabbit-mq
+
+ volumes:
+ - name: fcaps-log
+ emptyDir: {}
+ - name: fcaps-data-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: multicloud-filebeat-configmap
+ - name: fcaps-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+# Copyright (c) 2019, CMCC Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/multicloud/openstack-fcaps:1.5.5
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: false
+
+# application configuration
+config:
+ ssl_enabled: true
+ msbprotocol: https
+ msbgateway: msb-iag
+ msbPort: 443
+ aai:
+ port: 8443
+ schemaVersion: v13
+ username: AAI
+ password: AAI
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: multicloud-fcaps
+ portName: multicloud-fcaps
+ externalPort: 9011
+ internalPort: 9011
+ nodePort: 87
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
+
+# rabbit-mq image resource
+rabbitmq: rabbitmq:alpine
--- /dev/null
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: mongo
+ version: ~6.x-0
+ repository: '@local'
+ - name: etcd
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{
+ "name":"SDCDistributionGroup",
+ "restServerParameters":{
+ "host":"0.0.0.0",
+ "port":9014,
+ "userName":"healthcheck",
+ "password":"zb!XztG34",
+ "https":true
+ },
+ "receptionHandlerParameters":{
+ "SDCReceptionHandler":{
+ "receptionHandlerType":"SDC",
+ "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler",
+ "receptionHandlerConfigurationName":"sdcConfiguration",
+ "pluginHandlerParameters":{
+ "artifactForwarders":{
+ "PAPEngineForwarder":{
+ "forwarderType":"PAPEngine",
+ "forwarderClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarder",
+ "forwarderConfigurationName": "k8sConfiguration"
+ }
+ }
+ }
+ }
+ },
+ "receptionHandlerConfigurationParameters":{
+ "sdcConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
+ "parameters":{
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
+ "messageBusAddress": [
+ "message-router.{{ include "common.namespace" . }}"
+ ],
+ "user": "multicloud",
+ "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
+ "pollingInterval":20,
+ "pollingTimeout":30,
+ "consumerId": "multicloud-k8s-id",
+ "artifactTypes": [
+ "TOSCA_CSAR",
+ "HEAT",
+ "HEAT_ARTIFACT",
+ "HEAT_ENV",
+ "HEAT_NESTED",
+ "HEAT_VOL",
+ "OTHER",
+ "VF_MODULES_METADATA",
+ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
+ "HELM"
+ ],
+ "consumerGroup": "multicloud-k8s-group",
+ "environmentName": "AUTO",
+ "keystorePath": "null",
+ "keystorePassword": "null",
+ "activeserverTlsAuth": false,
+ "isFilterinEmptyResources": true,
+ "isUseHttpsWithDmaap": false
+ }
+ }
+ },
+ "artifactForwarderConfigurationParameters":{
+ "k8sConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup",
+ "parameters":{
+ "useHttps": true,
+ "hostname": "pdp",
+ "port": 8081,
+ "userName": "testpdp",
+ "password": "alpha123",
+ "clientAuth": "cHl0aG9uOnRlc3Q=",
+ "isManaged": true,
+ "pdpGroup": "default"
+ }
+ }
+ }
+}
--- /dev/null
+{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}
+ command: ["/opt/multicloud/k8splugin/k8plugin"]
+ workingDir: /opt/multicloud/k8splugin
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/multicloud/k8splugin/k8sconfig.json
+ name: {{ include "common.name" .}}
+ subPath: k8sconfig.json
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+ name: framework-artifactbroker
+ command: ["/opt/app/distribution/bin/artifact-dist.sh"]
+ args: ["/opt/app/distribution/etc/mounted/config.json"]
+ ports:
+ - containerPort: {{ .Values.artifactbroker.internalPort }}
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /opt/app/distribution/etc/mounted/config.json
+ name: {{ include "common.name" .}}
+ subPath: config.json
+ - mountPath: /data
+ name: artifact-data
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name : {{ include "common.name" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: artifact-data
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/multicloud/k8s:0.7.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration is via config files
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+
+service:
+ type: ClusterIP
+ name: multicloud-k8s
+ portName: multicloud-k8s
+ internalPort: 9015
+ externalPort: 9015
+ nodePort: 98
+
+#Mongo chart overrides for k8splugin
+mongo:
+ nameOverride: multicloud-k8s-mongo
+ service:
+ name: multicloud-k8s-mongo
+ internalPort: 27017
+ nfsprovisionerPrefix: multicloud-k8s
+ sdnctlPrefix: multicloud-k8s
+ persistence:
+ mountSubPath: multicloud-k8s/mongo/data
+ enabled: true
+ disableNfsProvisioner: true
+ flavor: &storage_flavor large
+ resources: &storage_resources
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 75Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 300Mi
+ unlimited: {}
+
+#etcd chart overrides for k8splugin
+etcd:
+ nameOverride: multicloud-k8s-etcd
+ service:
+ name: multicloud-k8s-etcd
+ persistence:
+ mountSubPath: multicloud-k8s/etcd/data
+ enabled: true
+ flavor: *storage_flavor
+ resources: *storage_resources
+
+# No persistence right now as we rely on Mongo to handle that
+persistence:
+ enabled: false
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud-k8s/data
+
+ingress:
+ enabled: false
+
+artifactbroker:
+ internalPort: 9014
+
+# Configure resource requests and limits
+flavor: large
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright (c) 2018 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ pike:
+ handlers: [pike_handler]
+ level: "DEBUG"
+ propagate: False
+ newton_base:
+ handlers: [pike_handler]
+ level: "DEBUG"
+ propagate: False
+ common:
+ handlers: [pike_handler]
+ level: "DEBUG"
+ propagate: False
+
+handlers:
+ pike_handler:
+ level: "DEBUG"
+ class: "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/multicloud/openstack/pike/pike.log"
+ formatter: "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ mdcFormat:
+ format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright (c) 2018 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: {{ .Values.config.msbprotocol }}
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: aai.{{ include "common.namespace" . }}
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.port }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: pike-log
+ - mountPath: /opt/pike/pike/pub/config/log.yml
+ name: pike-logconfig
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-pike/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ # side car containers
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat-onap
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ - mountPath: /var/log/onap
+ name: pike-log
+ - mountPath: /usr/share/filebeat/data
+ name: pike-data-filebeat
+
+ volumes:
+ - name: pike-log
+ emptyDir: {}
+ - name: pike-data-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: multicloud-filebeat-configmap
+ - name: pike-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+# Copyright (c) 2018 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/multicloud/openstack-pike:1.5.5
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# application configuration
+config:
+ ssl_enabled: false
+ msbprotocol: https
+ msbgateway: msb-iag
+ msbPort: 443
+ aai:
+ port: 8443
+ schemaVersion: v13
+ username: AAI
+ password: AAI
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: multicloud-pike
+ portName: multicloud-pike
+ externalPort: 9007
+ internalPort: 9007
+ nodePort: 96
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}-configmap-reload
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://localhost:9093/-/reload
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --config.file=/etc/config/alertmanager.yml
+ - --storage.path={{ .Values.persistence.containerMountPath }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /#/status
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{- if .Values.dashboards }}
+ initContainers:
+ - name: {{ include "common.name" . }}-download-dashboards
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["sh", "/etc/grafana/download_dashboards.sh"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/download_dashboards.sh"
+ subPath: download_dashboards.sh
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- end }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/grafana.ini"
+ subPath: grafana.ini
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.dashboards }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+ {{- range $key, $value := $dashboards }}
+ {{- if hasKey $value "json" }}
+ - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+ mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
+ subPath: "{{ $key }}.json"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end -}}
+ {{- if .Values.datasources }}
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
+ subPath: datasources.yaml
+ {{- end }}
+ {{- if .Values.dashboardProviders }}
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
+ subPath: dashboardproviders.yaml
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.dashboards }}
+ {{- range keys .Values.dashboards }}
+ - name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+ configMap:
+ name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+ {{- end }}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-chown-init
+ command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ containers:
+ - name: {{ include "common.name" . }}-configmap-reload
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://localhost:9090/-/reload
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: {{ include "common.name" . }}-server
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --config.file=/etc/config/prometheus.yml
+ - --storage.tsdb.path={{ .Values.persistence.containerMountPath }}
+ - --web.console.libraries=/etc/prometheus/console_libraries
+ - --web.console.templates=/etc/prometheus/consoles
+ - --web.enable-lifecycle
+ {{- if .Values.server.enableAdminApi }}
+ - --web.enable-admin-api
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
\ No newline at end of file
--- /dev/null
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ alertmanager:
+ enabled: false
+ grafana:
+ enabled: false
+ configmapReload:
+ image:
+ repository: jimmidyson/configmap-reload
+ tag: v0.2.2
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Server Configuration
+image:
+ repository: prom/prometheus
+ tag: v2.4.0
+
+server:
+ enableAdminApi: false
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 8Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/server
+ containerMountPath: /prometheus/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus
+ portName: multicloud-prometheus
+ internalPort: 9090
+ externalPort: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP multicloud OpenStack Starlingx Plugin
+name: multicloud-starlingx
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ starlingx_base:
+ handlers: [starlingx_handler]
+ level: "DEBUG"
+ propagate: False
+ starlingx:
+ handlers: [starlingx_handler]
+ level: "DEBUG"
+ propagate: False
+ newton_base:
+ handlers: [starlingx_handler]
+ level: "DEBUG"
+ propagate: False
+ common:
+ handlers: [starlingx_handler]
+ level: "DEBUG"
+ propagate: False
+
+handlers:
+ starlingx_handler:
+ level: "DEBUG"
+ class: "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log"
+ formatter: "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ mdcFormat:
+ format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: {{ .Values.config.msbprotocol }}
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: aai.{{ include "common.namespace" . }}
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.port }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: starlingx-log
+ - mountPath: /opt/starlingx/starlingx/pub/config/log.yml
+ name: starlingx-logconfig
+ subPath: log.yml
+ - mountPath: /opt/artifacts/
+ name: artifact-data
+ resources: {{ include "common.resources" . | nindent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-starlingx/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ # side car containers
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat-onap
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ - mountPath: /var/log/onap
+ name: starlingx-log
+ - mountPath: /usr/share/filebeat/data
+ name: starlingx-data-filebeat
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+ name: framework-artifactbroker
+ command: ["/opt/app/distribution/bin/artifact-dist.sh"]
+ args: ["/opt/app/distribution/etc/mounted/config.json"]
+ ports:
+ - containerPort: 9014
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /opt/app/distribution/etc/mounted/config.json
+ name: starlingx-logconfig
+ subPath: config.json
+ - mountPath: /data
+ name: artifact-data
+
+ volumes:
+ - name: starlingx-log
+ emptyDir: {}
+ - name: starlingx-data-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: multicloud-filebeat-configmap
+ - name: starlingx-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ - name: artifact-data
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/multicloud/openstack-starlingx:1.5.5
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: false
+
+# application configuration
+config:
+ ssl_enabled: true
+ msbprotocol: https
+ msbgateway: msb-iag
+ msbPort: 443
+ aai:
+ port: 8443
+ schemaVersion: v13
+ username: AAI
+ password: AAI
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: multicloud-starlingx
+ portName: multicloud-starlingx
+ externalPort: 9009
+ internalPort: 9009
+ nodePort: 85
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ vio:
+ handlers: [vio_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ vio_handler:
+ level: "DEBUG"
+ class: "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/multicloud/vio/vio.log"
+ formatter: "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ mdcFormat:
+ format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - env:
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
+ - name: AAI_ADDR
+ value: aai.{{ include "common.namespace" . }}
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.port }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: vio-log
+ - mountPath: /opt/vio/vio/pub/config/log.yml
+ name: vio-logconfig
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-vio/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end -}}
+ # side car containers
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat-onap
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ - mountPath: /var/log/onap
+ name: vio-log
+ - mountPath: /usr/share/filebeat/data
+ name: vio-data-filebeat
+ volumes:
+ - name: vio-log
+ emptyDir: {}
+ - name: vio-data-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: multicloud-filebeat-configmap
+ - name: vio-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/multicloud/vio:1.4.1
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# application configuration
+config:
+ msbgateway: msb-iag
+ msbPort: 80
+ aai:
+ port: 8443
+ schemaVersion: v13
+ username: AAI
+ password: AAI
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: multicloud-vio
+ portName: multicloud-vio
+ externalPort: 9004
+ internalPort: 9004
+ nodePort: 92
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ titanium_cloud:
+ handlers: [titanium_cloud_handler]
+ level: "DEBUG"
+ propagate: False
+ newton_base:
+ handlers: [titanium_cloud_handler]
+ level: "DEBUG"
+ propagate: False
+ common:
+ handlers: [titanium_cloud_handler]
+ level: "DEBUG"
+ propagate: False
+
+handlers:
+ titanium_cloud_handler:
+ level: "DEBUG"
+ class: "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log"
+ formatter: "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ mdcFormat:
+ format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+resources: {{ include "common.resources" . | indent 12 | trim}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ initContainers:
+ - command: ["sh", "-c", "chown -R 100:101 /data"]
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-init
+ volumeMounts:
+ - mountPath: /data
+ name: artifact-data
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: {{ .Values.config.msbprotocol }}
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: aai.{{ include "common.namespace" . }}
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.port }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.config.ssl_enabled }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: windriver-log
+ - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml
+ name: windriver-logconfig
+ subPath: log.yml
+ - mountPath: /opt/artifacts/
+ name: artifact-data
+ resources: {{ include "common.resources" . | nindent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-titaniumcloud/v1/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ # side car containers
+ - image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: filebeat-onap
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
+ - mountPath: /var/log/onap
+ name: windriver-log
+ - mountPath: /usr/share/filebeat/data
+ name: windriver-data-filebeat
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }}
+ name: framework-artifactbroker
+ command: ["/opt/app/distribution/bin/artifact-dist.sh"]
+ args: ["/opt/app/distribution/etc/mounted/config.json"]
+ ports:
+ - containerPort: 9014
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /opt/app/distribution/etc/mounted/config.json
+ name: windriver-logconfig
+ subPath: config.json
+ - mountPath: /data
+ name: artifact-data
+
+ volumes:
+ - name: windriver-log
+ emptyDir: {}
+ - name: windriver-data-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: multicloud-filebeat-configmap
+ - name: windriver-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ - name: artifact-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/multicloud/openstack-windriver:1.5.5
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# application configuration
+config:
+ ssl_enabled: true
+ msbprotocol: https
+ msbgateway: msb-iag
+ msbPort: 443
+ aai:
+ port: 8443
+ schemaVersion: v13
+ username: AAI
+ password: AAI
+
+service:
+ type: ClusterIP
+ name: multicloud-titaniumcloud
+ portName: multicloud-titaniumcloud
+ externalPort: 9005
+ internalPort: 9005
+ nodePort: 94
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 5
+ enabled: true
+
+ingress:
+ enabled: false
+
+persistence:
+ enabled: true
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud-windriver/data
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 5Gi
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: multicloud-azure
+ version: ~6.x-0
+ repository: 'file://components/multicloud-azure'
+ condition: multicloud-azure.enabled
+ - name: multicloud-fcaps
+ version: ~6.x-0
+ repository: 'file://components/multicloud-fcaps'
+ condition: multicloud-fcaps.enabled
+ - name: multicloud-k8s
+ version: ~6.x-0
+ repository: 'file://components/multicloud-k8s'
+ condition: multicloud-k8s.enabled
+ - name: multicloud-pike
+ version: ~6.x-0
+ repository: 'file://components/multicloud-pike'
+ condition: multicloud-pike.enabled
+ - name: multicloud-prometheus
+ version: ~6.x-0
+ repository: 'file://components/multicloud-prometheus'
+ condition: multicloud-prometheus.enabled
+ - name: multicloud-starlingx
+ version: ~6.x-0
+ repository: 'file://components/multicloud-starlingx'
+ condition: multicloud-starlingx.enabled
+ - name: multicloud-vio
+ version: ~6.x-0
+ repository: 'file://components/multicloud-vio'
+ condition: multicloud-vio.enabled
+ - name: multicloud-windriver
+ version: ~6.x-0
+ repository: 'file://components/multicloud-windriver'
+ condition: multicloud-windriver.enabled
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
- input_type: log
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
version: 1
disable_existing_loggers: False
value: "{{ .Values.config.ssl_enabled }}"
resources:
{{ include "common.resources" . | indent 12 }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
volumeMounts:
{{ end -}}
# side car containers
- - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ - image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: filebeat-onap
volumeMounts:
#################################################################
global:
nodePortPrefix: 302
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- artifactImage: onap/multicloud/framework-artifactbroker:1.5.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
prometheus:
enabled: false
persistence: {}
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.5.1
+image: onap/multicloud/framework:1.6.0
pullPolicy: Always
#Istio sidecar injection policy
istioSidecar: true
+multicloud-azure:
+ enabled: true
+multicloud-fcaps:
+ enabled: true
+multicloud-k8s:
+ enabled: true
+multicloud-pike:
+ enabled: true
+multicloud-prometheus:
+ enabled: false
+multicloud-starlingx:
+ enabled: true
+multicloud-vio:
+ enabled: true
+multicloud-windriver:
+ enabled: true
+
# application configuration
config:
ssl_enabled: true
version: ~6.x-0
repository: '@local'
condition: not global.mariadbGalera.localCluster
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2018 Orange
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
{{- end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# so K8s doesn't restart unresponsive container
{{- if .Values.global.aafEnabled }}
command:
- - bash
+ - sh
args:
- -c
- |
value: {{ .Values.config.openStackVNFTenantId | quote }}
- name: ONAP_CLOUDOWNER
value: {{ .Values.config.cloudOwner }}
+ - name: ONAP_K8SCLOUDREGIONID
+ value: {{ .Values.config.k8sCloudRegionId }}
+ - name: ONAP_K8SCLOUDOWNER
+ value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
- name: SDC_HOST
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # side car containers
- # - name: filebeat-onap
- # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- # volumeMounts:
- # - mountPath: /usr/share/filebeat/filebeat.yml
- # name: filebeat-conf
- # subPath: filebeat.yml
- # - mountPath: /home/esr/works/logs
- # name: esr-server-logs
- # - mountPath: /usr/share/filebeat/data
- # name: esr-server-filebeat
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- # - name: filebeat-conf
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-filebeat
- # - name: esr-server-logs
- # emptyDir: {}
- # - name: esr-server-filebeat
- # emptyDir: {}
- # - name: esrserver-log
- # configMap:
- # name: {{ include "common.fullname" . }}-esr-esrserver-log
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2020 Samsung, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
+{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
mariadbGalera: &mariadbGalera
#This flag allows SO to instantiate its own mariadb-galera cluster
localCluster: false
internalPort: 3306
nameOverride: mariadb-galera
aafEnabled: true
- busyBoxImage: busybox:1.30
- busyBoxRepository: docker.io
#################################################################
# AAF part
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:7.0.0
+image: onap/externalapi/nbi:7.0.2
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
logstashServiceName: log-ls
logstashPort: 5044
cloudOwner: CloudOwner
+ k8sCloudRegionId: k8sregionfour
+ k8sCloudOwner: k8scloudowner4
ecompInstanceId: OOM
openStackRegion: RegionOne
openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~6.x-0
repository: '@local'
condition: nbi.enabled
- - name: pnda
- version: ~6.x-0
- repository: '@local'
- condition: pnda.enabled
- name: policy
version: ~6.x-0
repository: '@local'
version: ~6.x-0
repository: '@local'
condition: oof.enabled
+ - name: repository-wrapper
+ version: ~6.x-0
+ repository: '@local'
- name: robot
version: ~6.x-0
repository: '@local'
version: ~6.x-0
repository: '@local'
condition: modeling.enabled
+ - name: platform
+ version: ~6.x-0
+ repository: '@local'
+ condition: platform.enabled
+ - name: a1policymanagement
+ version: ~6.x-0
+ repository: '@local'
+ condition: a1policymanagement.enabled
+ - name: cert-wrapper
+ version: ~6.x-0
+ repository: '@local'
+ condition: cert-wrapper.enabled
# any other repository that hosts images for ONAP components.
#repository: nexus3.onap.org:10001
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
readiness:
initialDelaySeconds: 120
+a1policymanagement:
+ liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+++ /dev/null
-# Copyright © 2020 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#
-#
-# This is specifically for the environments which take time to
-# deploy ONAP. This increase in timeouts prevents false restarting of
-# the pods during startup configuration.
-#
-# These timers have been tuned by the ONAP integration team. They
-# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
-# They are however indicative and may be adapted to your environment as they
-# depend on the performance of the infrastructure you are installing ONAP on.
-#
-# Please note that these timers must remain reasonable, in other words, if
-# your infrastructure is not performant enough, extending the timers to very
-# large value may not fix all installation issues on over subscribed hardware.
-#
-#################################################################
-global:
- cmpv2Enabled: true
- aaf:
- certServiceClient:
- envVariables:
- # Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
initialDelaySeconds: 60
readiness:
initialDelaySeconds: 60
+ clamp-mariadb:
+ liveness:
+ initialDelaySeconds: 30
+ readiness:
+ initialDelaySeconds: 30
dcaegen2:
dcae-cloudify-manager:
liveness:
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
user: docker
password: docker
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
enabled: false
dcaegen2:
enabled: false
-pnda:
- enabled: false
dmaap:
enabled: true
esr:
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
enabled: true
modeling:
enabled: true
+platform:
+ enabled: true
+a1policymanagement:
+ enabled: true
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#
+#
+# This is specifically for the environments which take time to
+# deploy ONAP. This increase in timeouts prevents false restarting of
+# the pods during startup configuration.
+#
+# These timers have been tuned by the ONAP integration team. They
+# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
+# They are however indicative and may be adapted to your environment as they
+# depend on the performance of the infrastructure you are installing ONAP on.
+#
+# Please note that these timers must remain reasonable, in other words, if
+# your infrastructure is not performant enough, extending the timers to very
+# large value may not fix all installation issues on over subscribed hardware.
+#
+#################################################################
+global:
+ cmpv2Enabled: true
+ platform:
+ certServiceClient:
+ envVariables:
+ # Certificate related
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2State: "California"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "common.namespace" . }}-binding
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.namespace" . }}-docker-registry-key
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- .dockercfg: {{ include "common.repository.secret" . }}
-type: kubernetes.io/dockercfg
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
addTestingComponents: &testing false
# ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
+ # Four different repositories are used
+ # You can change individually these repositories to ones that will serve the
+ # right images. If credentials are needed for one of them, see below.
+ repository: nexus3.onap.org:10001
+ dockerHubRepository: &dockerHubRepository docker.io
+ elasticRepository: &elasticRepository docker.elastic.co
+ googleK8sRepository: k8s.gcr.io
+
+
+ #/!\ DEPRECATED /!\
+ # Legacy repositories which will be removed at the end of migration.
+ # Please don't use
+ loggingRepository: *elasticRepository
+ busyboxRepository: *dockerHubRepository
+
+ # Default credentials
+ # they're optional. If the target repository doesn't need them, comment them
repositoryCred:
user: docker
password: docker
- dockerHubRepository: docker.io
-
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.2
+ # If you want / need authentication on the repositories, please set
+ # Don't set them if the target repo is the same than others
+ # so id you've set repository to value `my.private.repo` and same for
+ # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+ # dockerHubCred.
+ # dockerHubCred:
+ # user: myuser
+ # password: mypassord
+ # elasticCred:
+ # user: myuser
+ # password: mypassord
+ # googleK8sCred:
+ # user: myuser
+ # password: mypassord
+
+
+ # common global images
+ # Busybox for simple shell manipulation
+ busyboxImage: busybox:1.32
# curl image
curlImage: curlimages/curl:7.69.1
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
+ # env substitution image
+ envsubstImage: dibi/envsubst:1
+
+ # generate htpasswd files image
+ # there's only latest image for htpasswd
+ htpasswdImage: xmartlabs/htpasswd:latest
+
+ # kubenretes client image
+ kubectlImage: bitnami/kubectl:1.19
+
+ # logging agent
+ loggingImage: beats/filebeat:5.5.0
- # dockerHub main repository
- dockerHubRepository: docker.io
+ # mariadb client image
+ mariadbImage: mariadb:10.1.48
- # busybox repo and image
- busyboxRepository: docker.io
- busyboxImage: busybox:1.30
+ # nginx server image
+ nginxImage: bitnami/nginx:1.18-debian-10
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
+ # postgreSQL client and server image
+ postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+
+ # readiness check image
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
+ # configuration to set log level to all components (the one that are using
+ # "common.log.level" to set this)
+ # can be overrided per components by setting logConfiguration.logLevelOverride
+ # to the desired value
+ # logLevel: DEBUG
+
#Global ingress configuration
ingress:
enabled: false
virtualhost:
- enabled: true
- baseurl: "simpledemo.onap.org"
+ enabled: true
+ baseurl: "simpledemo.onap.org"
# Global Service Mesh configuration
# POC Mode, don't use it in production
# Enabling CMPv2
cmpv2Enabled: true
- aaf:
+ platform:
certServiceClient:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
- name: aaf-cert-service-client-tls-secret
- mountPath: /etc/onap/aaf/certservice/certs/
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
cmpv2Country: "US"
# Client configuration related
caName: "RA"
- requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
keystorePassword: "secret"
- truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
# default
centralizedLoggingEnabled: ¢ralizedLogging false
-
-# Example of specific for the components where you want to disable TLS only for
-# it:
-# if set this element will force or not tls even if global.serviceMesh.tls and
-# global.tlsEnabled is set otherwise.
-# robot:
-# tlsOverride: false
+ # Example of specific for the components where you want to disable TLS only for
+ # it:
+ # if set this element will force or not tls even if global.serviceMesh.tls and
+ # global.tlsEnabled is set otherwise.
+ # robot:
+ # tlsOverride: false
# Global storage configuration
# Set to "-" for default, or with the name of the storage class
enabled: false
dcaemod:
enabled: false
-pnda:
- enabled: false
dmaap:
enabled: false
esr:
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ # in order to enable static password for so-monitoring uncomment:
+ # so-monitoring:
+ # server:
+ # monitoring:
+ # password: demo123456!
+
# configure embedded mariadb
mariadb:
config:
enabled: false
modeling:
enabled: false
+platform:
+ enabled: false
+a1policymanagement:
+ enabled: false
+
+cert-wrapper:
+ enabled: true
+repository-wrapper:
+ enabled: true
--- /dev/null
+components/
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-make-has:
- cd charts && helm dep up oof-has
- cd charts && helm dep up oof-cmso
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-
+++ /dev/null
-###
-# Copyright (c) 2019 AT&T Intellectual Property.
-# Modifications Copyright (c) 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the ââ?¬Å"Licenseââ?¬);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###
-spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-
-changeLogFile=optimizer-liquibase-changeLog.xml
+++ /dev/null
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-cmso.database.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-spring.jpa.show-sql=false
-spring.jpa.hibernate.ddl-auto=none
-spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
-spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
-spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
-spring.jpa.hibernate.id.new_generator_mappings=false
-hibernate.id.new_generator_mappings=false
-
-logging.level.org.hibernate.SQL=WARN
-logging.level.org.hibernate=WARN
-#-------------------------------------------------------------------------------
-
-
-cmso.topology.create.request.url=https://oof-cmso-topology:7998/topology/v1/current
-cmso.ticket.create.request.url=https://oof-cmso-ticketmgt:7999/ticketmgt/v1/activetickets
-cmso.local.policy.folder=data/policies
-
-cmso.minizinc.command.exe=/mz-dist/bin/minizinc
-cmso.minizinc.command.solver=OSICBC
-cmso.minizinc.command.timelimit=60000
-cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
-
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
-
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.db.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: db-init
- image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- value: {{ .Values.config.db.root }}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- terminationMessagePolicy: File
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- value: {{ .Values.config.db.root }}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- - name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- - name: AUTHENTICATION
- value: {{ .Values.global.authentication }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: cadi.properties
- path: cadi.properties
- - key: optimizer.properties
- path: optimizer.properties
- - key: liquibase.properties
- path: liquibase.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.2.0
-pullPolicy: Always
-
-#init container image
-dbinit:
- image: onap/optf-cmso-dbinit:2.2.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- - uid: cmso-db-user-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.user }}'
- password: '{{ .Values.config.db.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso-optimizer
- portName: cmso
- internalPort: 7997
- externalPort: 7997
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
- db:
- port: 3306
- root: root
-# rootPassword: pass
-# rootPasswordExternalSecret: some secret
-# user: cmso-admin
-# password: pass
-# userCredentialsExternalSecret: some-secret
-# host: host
-# container: container
-# mysqlDatabase: optimizer
- topology_host: oof-cmso-topology
- topology_port: 7998
- ticketmgt_host: oof-cmso-ticketmgt
- ticketmgt_port: 7999
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-
+++ /dev/null
-
-#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright (c) 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the ???License???);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-
-#-------------------------------------------------------------------------------
-spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-cmso.database.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-spring.jpa.show-sql=false
-spring.jpa.hibernate.ddl-auto=none
-spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
-spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
-spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
-spring.jpa.hibernate.id.new_generator_mappings=false
-hibernate.id.new_generator_mappings=false
-
-logging.level.org.hibernate.SQL=WARN
-logging.level.org.hibernate=WARN
-#-------------------------------------------------------------------------------
-
-#
-cmso.aaf.enabled=false
-
-# Enable swagger - Enable in development and test only
-cmso.swagger.enabled=true
-
-# Enable schedule immediate to be dispatched without ticket approvals
-# Has no effect when in vTM loopback mode as always approved.
-cmso.cm.dispatch.immediate.enabled = true
-
-# NUmber of seconds between sniro dispatch jobs
-cmso.optimizer.job.interval.ms=10000
-
-# NUmber of seconds between change management cmso polling jobs
-# Controls frequenct of polling to the ChangeManagementScheduler table...
-cmso.cm.polling.job.interval.ms=10000
-# How many management cmso polling intervals to look ahead to dispatch
-# (To account for possible latency of the polling job)
-cmso.cm.polling.job.lookahead.intervals=5
-# Lead time before event time to enable dispatcher to
-# test that it is safe to dispatch (i.e. meeting reminder lead time)
-cmso.cm.dispatcher.lead.time.ms=5000
-# Lead time to prepare and call VID to dispatch work to MSO
-# Includes latency from VID call to the start of the workflow
-cmso.cm.dispatch.lead.time.ms=1000
-
-# Interval between polling to check status of schedules in Notifications Initiated status
-cmso.status.job.interval.ms=60000
-
-org.quartz.jobStore.class=org.quartz.simpl.RAMJobStore
-
-loopback.mso.requestId=dummy123
-
-so.polling.interval.ms=10000
-#mso.user=cmso@onap.org
-#mso.pass=enc:bfodXf8qRfCqMvlxVBYNWQ==
-
-## loopback settings
-so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
-so.user=oof@oof.onap.org
-so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
-
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
-
-cmso.dispatch.url=http://localhost:8089
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
-
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
+++ /dev/null
-###
-# Copyright © 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the ââ?¬Å"Licenseââ?¬);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###
-spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-
-#changeLogFile=calendar-liquibase-changeLog.xml
-changeLogFile=cmso-liquibase-changeLog.xml
-
-
-#spring.main.web-environment=false
-#outputChangeLogFile=src/main/resources/cmso-output-changelog.xml
-#url=jdbc:mariadb://localhost:3306/calendar
-#url=jdbc:mysql://localhost:3306/cmso
-#username=root
-#password=root
-#driver=org.mariadb.jdbc.Driver
-#driver=com.mysql.jdbc.Driver
+++ /dev/null
-#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright ? 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the ???License???);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-
-cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
-cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
-cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file
+++ /dev/null
-#-------------------------------------------------------------------------------
-# Copyright © 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-
-tm.vnfs.per.ticket=1
-tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord
-tm.createPath=http://localhost:8089/cmso/v1/tm/createChangeRecord
-tm.closePath=http://localhost:8089/cmso/v1/tm/closeCancelChangeRecord
-tm.updatePath=http://localhost:8089/cmso/v1/tm/updateChangeRecord
-tm.approvalStatus=Approved|Scheduled,Approved|Assigned
-tm.template.folder=data/templates/tm
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright (c) 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.db.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: db-init
- image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- value: {{ .Values.config.db.root }}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- terminationMessagePolicy: File
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- containers:
- # side car containers
- - name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
- resources:
-{{ include "common.resources" . }}
- - name: mso-simulator
- image: "{{ include "common.repository" . }}/{{ .Values.robotimage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- ports:
- - containerPort: 5000
- resources:
-{{ include "common.resources" . }}
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- - name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- - name: AUTHENTICATION
- value: {{ .Values.global.authentication }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: cmso.properties
- path: cmso.properties
- - key: cadi.properties
- path: cadi.properties
- - key: optimizer.properties
- path: optimizer.properties
- - key: ticketmgt.properties
- path: ticketmgt.properties
- - key: liquibase.properties
- path: liquibase.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-cmso-filebeat-configmap
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.2.0
-robotimage: onap/optf-cmso-robot:2.2.0
-pullPolicy: Always
-
-#init container image
-dbinit:
- image: onap/optf-cmso-dbinit:2.2.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- - uid: cmso-db-user-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.user }}'
- password: '{{ .Values.config.db.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso
- portName: cmso
- internalPort: 8080
- externalPort: 8080
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
- db:
- port: 3306
- root: root
-# rootPassword: pass
-# rootPasswordExternalSecret: some secret
-# user: cmso-admin
-# password: pass
-# userCredentialsExternalSecret: some-secret
-# host: host
-# container: container
-# mysqlDatabase: cmso
- optimizer_host: oof-cmso-optimizer
- optimizer_port: 7997
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-
+++ /dev/null
-#-------------------------------------------------------------------------------
-# Copyright © 2017-2019 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- - name: AUTHENTICATION
- value: proprietary-auth
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: ticketmgt.properties
- path: ticketmgt.properties
- - key: cadi.properties
- path: cadi.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (c) 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- authentication: proprietary-auth
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.2.0
-pullPolicy: Always
-
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso-ticketmgt
- portName: cmso-ticketmgt
- internalPort: 7999
- externalPort: 7999
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
-
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-
+++ /dev/null
-#-------------------------------------------------------------------------------
-# Copyright © 2017-2019 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/certs/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JAVA_TRUSTSTORE
- value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/certs/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: SSL_KEYSTORE_PASSWORD
- value: {{ .Values.global.keystorePassword }}
- - name: AUTHENTICATION
- value: {{ .Values.global.authentication }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: cadi.properties
- path: cadi.properties
- - key: topology.properties
- path: topology.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.2.0
-pullPolicy: Always
-
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso-topology
- portName: cmso-topology
- internalPort: 7998
- externalPort: 7998
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: mariadb-galera
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_password=demo123456!
-cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile
-cadi_truststore=/share/etc/certs//truststoreONAPall.jks
+++ /dev/null
-dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
-BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
-I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
-6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
-x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
-cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
-bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
-5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
-O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
-0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
-poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
-7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
--j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
-FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
-c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
-TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
-mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
-atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
-9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
-DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
-FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
-zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
-LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
-9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
-OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
-8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
-Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-cadi_latitude=0.00
-cadi_longitude=0.00
+++ /dev/null
- # -------------------------------------------------------------------------
- # Copyright (c) 2019 AT&T Intellectual Property
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # -------------------------------------------------------------------------
- #
-
-aaf_id=oof@oof.onap.org
-aaf_locate_url=https://aaf-locate:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_etc_dir=/share/etc/certs/
-cadi_latitude=0.00
-cadi_longitude=0.00
-cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-cmso-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/log/filebeat/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-certs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-root-password
- name: '{{ include "common.release" . }}-cmso-db-root-password'
- type: password
- password: ''
- policy: generate
- - uid: cmso-db-secret
- name: '{{ include "common.release" . }}-cmso-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
- passwordPolicy: generate
-
-mariadb-galera:
- replicaCount: 1
- nameOverride: cmso-db
- service:
- type: ClusterIP
- name: oof-cmso-dbhost
- portName: cmso-dbhost
- nfsprovisionerPrefix: cmso
- sdnctlPrefix: cmso
- persistence:
- mountSubPath: cmso/data
- enabled: true
- disableNfsProvisioner: true
- config:
- mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- mysqlDatabase: cmso
- externalConfig: |
- [mysqld]
- lower_case_table_names = 1
-
-global:
- commonConfigPrefix: "oof-cmso"
- truststoreFile: "truststoreONAPall.jks"
- keystoreFile: "org.onap.oof.jks"
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
- truststorePassword:
- authentication: aaf-auth
- busyBoxImage: busybox:1.30
- busyBoxRepository: docker.io
-
-flavor: small
-
-config:
- log:
- logstashServiceName: log-ls
- logstashPort: 5044
- db:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
-
-oof-cmso-service:
- config:
- db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- host: oof-cmso-dbhost
- container: cmso-db
- mysqlDatabase: cmso
-
-oof-cmso-optimizer:
- config:
- db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- host: oof-cmso-dbhost
- container: cmso-db
- mysqlDatabase: optimizer
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Copyright (C) 2020 Wipro Limited.
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - oof-has-controller
- - --container-name
- - aaf-service
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-has-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/bash","-c"]
- args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
- ports:
- - containerPort: {{ .Values.uwsgi.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.uwsgi.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.uwsgi.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/etc/conductor/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: conductor.conf
- - mountPath: /usr/local/bin/log.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: log.conf
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
- resources:
-{{ include "common.resources" . | indent 12 }}
- - name: {{ include "common.name" . }}-nginx
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/bitnami/nginx/conf/nginx.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: nginx.conf
- - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.crt
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: org.onap.oof.crt
- - mountPath: /opt/bitnami/nginx/ssl/org.onap.oof.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: org.onap.oof.key
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: nginx.conf
- path: nginx.conf
- - key: conductor.conf
- path: conductor.conf
- - key: log.conf
- path: log.conf
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
- - key: org.onap.oof.key
- path: org.onap.oof.key
- - key: org.onap.oof.crt
- path: org.onap.oof.crt
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.ingress" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global: # global defaults
- nodePortPrefix: 302
-
-service:
- type: NodePort
- name: oof-has-api
- externalPort: 8091
- internalPort: 8091
- nodePort: 75
- portName: oof-has-api
-
-#sidecar container image
-nginx:
- image: bitnami/nginx:1.18-debian-10
-#backend container info
-uwsgi:
- internalPort: 8080
-ingress:
- enabled: false
-replicaCount: 1
-nodeSelector: {}
-affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-
-ingress:
- enabled: false
- service:
- - baseaddr: "oof-has-api.onap"
- name: "oof-has-api"
- port: 8091
- config:
- ssl: "redirect"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - music-springboot
- - --container-name
- - aaf-sms
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-cont-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - python
- args:
- - /usr/local/bin/conductor-controller
- - --config-file=/usr/local/bin/conductor.conf
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/bin/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: conductor.conf
- - mountPath: /usr/local/bin/log.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: log.conf
- - mountPath: /usr/local/bin/healthy.sh
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthy.sh
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: conductor.conf
- path: conductor.conf
- - key: log.conf
- path: log.conf
- - key: healthy.sh
- path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ingress:
- enabled: false
-replicaCount: 1
-nodeSelector: {}
-affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-data-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - python
- args:
- - /usr/local/bin/conductor-data
- - --config-file=/usr/local/bin/conductor.conf
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/bin/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: conductor.conf
- - mountPath: /usr/local/bin/log.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: log.conf
- - mountPath: /usr/local/bin/healthy.sh
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthy.sh
- - mountPath: /usr/local/bin/aai_cert.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_cert.cer
- - mountPath: /usr/local/bin/aai_key.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_key.key
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: conductor.conf
- path: conductor.conf
- - key: log.conf
- path: log.conf
- - key: healthy.sh
- path: healthy.sh
- - key: aai_cert.cer
- path: aai_cert.cer
- - key: aai_key.key
- path: aai_key.key
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ingress:
- enabled: false
-replicaCount: 1
-nodeSelector: {}
-affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-resrv-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - python
- args:
- - /usr/local/bin/conductor-reservation
- - --config-file=/usr/local/bin/conductor.conf
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- readinessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{ end -}}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/bin/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: conductor.conf
- - mountPath: /usr/local/bin/log.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: log.conf
- - mountPath: /usr/local/bin/healthy.sh
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthy.sh
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: conductor.conf
- path: conductor.conf
- - key: log.conf
- path: log.conf
- - key: healthy.sh
- path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ingress:
- enabled: false
-replicaCount: 1
-nodeSelector: {}
-affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - music-springboot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-onboard-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-onboard"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-health-readiness
- command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-oof-has-healthcheck"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- - name: {{ include "common.name" . }}-solvr-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - python
- args:
- - /usr/local/bin/conductor-solver
- - --config-file=/usr/local/bin/conductor.conf
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- exec:
- command:
- - cat
- - /usr/local/bin/healthy.sh
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/bin/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: conductor.conf
- - mountPath: /usr/local/bin/log.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: log.conf
- - mountPath: /usr/local/bin/healthy.sh
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthy.sh
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: conductor.conf
- path: conductor.conf
- - key: log.conf
- path: log.conf
- - key: healthy.sh
- path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ingress:
- enabled: false
-replicaCount: 1
-nodeSelector: {}
-affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
- - name: music
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware, Intel Corporation.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-[DEFAULT]
-
-#
-# From conductor
-#
-
-# Configuration file for WSGI definition of API. (string value)
-api_paste_config = /usr/local/etc/conductor/api_paste.ini
-
-# Music keyspace for content (string value)
-#keyspace = conductor
-
-# Delay time (Seconds) for MUSIC requests. Set it to 2 seconds by default.
-# (integer value)
-#delay_time = 2
-
-# (boolean value)
-#HPA_enabled = true
-
-#
-# From oslo.log
-#
-
-# If set to true, the logging level will be set to DEBUG instead of the default
-# INFO level. (boolean value)
-# Note: This option can be changed without restarting.
-#debug = false
-debug = true
-
-# The name of a logging configuration file. This file is appended to any
-# existing logging configuration files. For details about logging configuration
-# files, see the Python logging module documentation. Note that when logging
-# configuration files are used then all logging configuration is set in the
-# configuration file and other logging configuration options are ignored (for
-# example, logging_context_format_string). (string value)
-# Note: This option can be changed without restarting.
-# Deprecated group/name - [DEFAULT]/log_config
-#log_config_append = <None>
-log_config_append = /usr/local/bin/log.conf
-
-# Defines the format string for %%(asctime)s in log records. Default:
-# %(default)s . This option is ignored if log_config_append is set. (string
-# value)
-#log_date_format = %Y-%m-%d %H:%M:%S
-
-# (Optional) Name of log file to send logging output to. If no default is set,
-# logging will go to stderr as defined by use_stderr. This option is ignored if
-# log_config_append is set. (string value)
-# Deprecated group/name - [DEFAULT]/logfile
-#log_file = <None>
-
-# (Optional) The base directory used for relative log_file paths. This option
-# is ignored if log_config_append is set. (string value)
-# Deprecated group/name - [DEFAULT]/logdir
-#log_dir = <None>
-
-# Uses logging handler designed to watch file system. When log file is moved or
-# removed this handler will open a new log file with specified path
-# instantaneously. It makes sense only if log_file option is specified and
-# Linux platform is used. This option is ignored if log_config_append is set.
-# (boolean value)
-#watch_log_file = false
-
-# Use syslog for logging. Existing syslog format is DEPRECATED and will be
-# changed later to honor RFC5424. This option is ignored if log_config_append
-# is set. (boolean value)
-#use_syslog = false
-
-# Enable journald for logging. If running in a systemd environment you may wish
-# to enable journal support. Doing so will use the journal native protocol
-# which includes structured metadata in addition to log messages.This option is
-# ignored if log_config_append is set. (boolean value)
-#use_journal = false
-
-# Syslog facility to receive log lines. This option is ignored if
-# log_config_append is set. (string value)
-#syslog_log_facility = LOG_USER
-
-# Use JSON formatting for logging. This option is ignored if log_config_append
-# is set. (boolean value)
-#use_json = false
-
-# Log output to standard error. This option is ignored if log_config_append is
-# set. (boolean value)
-#use_stderr = false
-
-# Format string to use for log messages with context. (string value)
-#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
-
-# Format string to use for log messages when context is undefined. (string
-# value)
-#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
-
-# Additional data to append to log message when logging level for the message
-# is DEBUG. (string value)
-#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
-
-# Prefix each line of exception output with this format. (string value)
-#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
-
-# Defines the format string for %(user_identity)s that is used in
-# logging_context_format_string. (string value)
-#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
-
-# List of package logging levels in logger=LEVEL pairs. This option is ignored
-# if log_config_append is set. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
-
-# Enables or disables publication of error events. (boolean value)
-#publish_errors = false
-
-# The format for an instance that is passed with the log message. (string
-# value)
-#instance_format = "[instance: %(uuid)s] "
-
-# The format for an instance UUID that is passed with the log message. (string
-# value)
-#instance_uuid_format = "[instance: %(uuid)s] "
-
-# Interval, number of seconds, of log rate limiting. (integer value)
-#rate_limit_interval = 0
-
-# Maximum number of logged messages per rate_limit_interval. (integer value)
-#rate_limit_burst = 0
-
-# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
-# or empty string. Logs with level greater or equal to rate_limit_except_level
-# are not filtered. An empty string means that all levels are filtered. (string
-# value)
-#rate_limit_except_level = CRITICAL
-
-# Enables or disables fatal status of deprecations. (boolean value)
-#fatal_deprecations = false
-
-[auth]
-appkey = ""
-
-[aaf_api]
-
-#
-# From conductor
-#
-
-# is_aaf_enabled. (boolean value)
-is_aaf_enabled = true
-
-# aaf_cache_expiry_hrs. (integer value)
-aaf_cache_expiry_hrs = 3
-
-# aaf_url. (string value)
-aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
-
-# aaf_cert_file. (string value)
-#aaf_cert_file = <None>
-
-# aaf_cert_key_file. (string value)
-#aaf_cert_key_file = <None>
-
-# aaf_ca_bundle_file. (string value)
-#aaf_ca_bundle_file =
-aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
-
-# aaf_retries. (integer value)
-#aaf_retries = 3
-
-# aaf_timeout. (integer value)
-#aaf_timeout = 100
-
-# aaf_user_roles. (list value)
-#aaf_permissions = {"type": "org.onap.oof.access","instance": "*","action": "*"}
-
-
-[aaf_sms]
-
-#
-# From conductor
-#
-
-# Base URL for SMS, up to and not including the version, and without a trailing
-# slash. (string value)
-aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
-
-
-# Timeout for SMS API Call (integer value)
-#aaf_sms_timeout = 30
-
-# Path to the cacert that will be used to verify If this is None, verify will
-# be False and the server certis not verified by the client. (string value)
-#aaf_ca_certs = AAF_RootCA.cer
-aaf_ca_certs = /usr/local/bin/AAF_RootCA.cer
-
-# Domain UUID - A unique UUID generated when the domainfor HAS is created by
-# administrator during deployment (string value)
-#secret_domain = has
-
-
-[aai]
-
-#
-# From conductor
-#
-
-# Interval with which to refresh the local cache, in minutes. (integer value)
-#cache_refresh_interval = 1440
-cache_refresh_interval = 1
-
-# Interval with which to refresh the local complex cache, in minutes. (integer
-# value)
-#complex_cache_refresh_interval = 1440
-complex_cache_refresh_interval = 60
-
-# Data Store table prefix. (string value)
-#table_prefix = aai
-
-# Base URL for A&AI, up to and not including the version, and without a
-# trailing slash. (string value)
-server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
-
-# Timeout for A&AI Rest Call (string value)
-#aai_rest_timeout = 30
-
-# Number of retry for A&AI Rest Call (string value)
-#aai_retries = 3
-
-# The version of A&AI in v# format. (string value)
-server_url_version = v19
-
-# SSL/TLS certificate file in pem format. This certificate must be registered
-# with the A&AI endpoint. (string value)
-certificate_file =
-
-# Private Certificate Key file in pem format. (string value)
-certificate_key_file =
-
-# Certificate Authority Bundle file in pem format. Must contain the appropriate
-# trust chain for the Certificate file. (string value)
-#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
-
-# Username for AAI. (string value)
-username = OOF
-
-# Password for AAI. (string value)
-password = OOF
-
-
-[api]
-
-#
-# From conductor
-#
-
-# Toggle Pecan Debug Middleware. (boolean value)
-#pecan_debug = false
-
-# Default maximum number of items returned by API request. (integer value)
-# Minimum value: 1
-#default_api_return_limit = 100
-
-[conductor_api]
-
-#
-# From conductor
-#
-
-# Base URL for plans. (string value)
-#server_url =
-
-# username for plans. (string value)
-#username =
-username = admin1
-
-# password for plans. (string value)
-#password =
-password = plan.15
-
-# auth toggling. (boolean value)
-basic_auth_secure = true
-
-
-[controller]
-
-#
-# From conductor
-#
-
-# Timeout for planning requests. Default value is 10. (integer value)
-# Minimum value: 1
-#timeout = 10
-timeout = 200
-
-# Maximum number of result sets to return. Default value is 1. (integer value)
-# Minimum value: 1
-#limit = 1
-
-# Number of workers for controller service. Default value is 1. (integer value)
-# Minimum value: 1
-#workers = 1
-
-# Set to True when controller will run in active-active mode. When set to
-# False, controller will flush any abandoned messages at startup. The
-# controller always restarts abandoned template translations at startup.
-# (boolean value)
-#concurrent = false
-concurrent = true
-
-# Time between checking for new plans. Default value is 1. (integer value)
-# Minimum value: 1
-#polling_interval = 1
-
-# (integer value)
-# Minimum value: 1
-#max_translation_counter = 1
-
-
-[data]
-
-#
-# From conductor
-#
-
-# Number of workers for data service. Default value is 1. (integer value)
-# Minimum value: 1
-#workers = 1
-
-# Set to True when data will run in active-active mode. When set to False, data
-# will flush any abandoned messages at startup. (boolean value)
-#concurrent = false
-concurrent = true
-
-# Default value is -8000, which is the diameter of the earth. The distance
-# cannot larger than this value (floating point value)
-#existing_placement_cost = -8000.0
-
-# (floating point value)
-#cloud_candidate_cost = 2.0
-
-# (floating point value)
-#service_candidate_cost = 1.0
-
-
-[inventory_provider]
-
-#
-# From conductor
-#
-
-# Extensions list to use (list value)
-#extensions = aai
-
-
-[messaging_server]
-
-#
-# From conductor
-#
-
-# Music keyspace for messages (string value)
-#keyspace = conductor_rpc
-
-# Wait interval while checking for a message response. Default value is 1
-# second. (integer value)
-# Minimum value: 1
-#check_interval = 1
-
-# Overall message response timeout. Default value is 120 seconds. (integer
-# value)
-# Minimum value: 1
-#response_timeout = 120
-
-# Timeout for detecting a VM is down, and other VMs can pick the plan up.
-# Default value is 5 minutes. (integer value) (integer value)
-# Minimum value: 1
-timeout = 300
-
-# Number of workers for messaging service. Default value is 1. (integer value)
-# Minimum value: 1
-#workers = 1
-
-# Time between checking for new messages. Default value is 1. (integer value)
-# Minimum value: 1
-#polling_interval = 1
-
-# Log debug messages. Default value is False. (boolean value)
-#debug = false
-
-
-[multicloud]
-
-#
-# From conductor
-#
-
-# Base URL for Multicloud without a trailing slash. (string value)
-#server_url = http://msb.onap.org/api/multicloud
-server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.msb.port}}/api/multicloud
-
-# Timeout for Multicloud Rest Call (string value)
-#multicloud_rest_timeout = 30
-
-# Number of retry for Multicloud Rest Call (string value)
-#multicloud_retries = 3
-
-# The version of Multicloud API. (string value)
-#server_url_version = v0
-
-
-[music_api]
-
-#
-# From conductor
-#
-
-# Base URL for Music REST API without a trailing slash. (string value)
-#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
-version = v2
-
-# DEPRECATED: List of hostnames (round-robin access) (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#hostnames = <None>
-
-# DEPRECATED: Port (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#port = <None>
-
-# DEPRECATED: Path (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#path = <None>
-
-# Socket connection timeout (floating point value)
-#connect_timeout = 3.05
-
-# Socket read timeout (floating point value)
-#read_timeout = 12.05
-
-# Lock timeout (integer value)
-#lock_timeout = 10
-
-# Replication factor (integer value)
-#replication_factor = 1
-replication_factor = 1
-
-# Use mock API (boolean value)
-#mock = false
-
-# (string value)
-#music_topology = SimpleStrategy
-
-# Name of the first data center (string value)
-#first_datacenter_name = <None>
-
-# Number of replicas in first data center (integer value)
-#first_datacenter_replicas = <None>
-
-# Name of the second data center (string value)
-#second_datacenter_name = <None>
-
-# Number of replicas in second data center (integer value)
-#second_datacenter_replicas = <None>
-
-# Name of the third data center (string value)
-#third_datacenter_name = <None>
-
-# Number of replicas in third data center (integer value)
-#third_datacenter_replicas = <None>
-
-# new or old version (boolean value)
-#music_new_version = <None>
-music_new_version = True
-
-# for version (string value)
-#music_version = <None>
-music_version = "3.2.40"
-
-# username value that used for creating basic authorization header (string
-# value)
-#aafuser = <None>
-aafuser = conductor
-
-# password value that used for creating basic authorization header (string
-# value)
-#aafpass = <None>
-aafpass = c0nduct0r
-
-# AAF namespace field used in MUSIC request header (string value)
-#aafns = <None>
-aafns = conductor
-
-# Enabling HTTPs mode (boolean value)
-enable_https_mode = True
-
-# Certificate Authority Bundle file in pem format. Must contain the appropriate
-# trust chain for the Certificate file. (string value)
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
-
-
-[prometheus]
-
-#
-# From conductor
-#
-
-# Prometheus Metrics Endpoint (list value)
-#metrics_port = 8000,8001,8002,8003,8004
-
-
-[reservation]
-
-#
-# From conductor
-#
-
-# Number of workers for reservation service. Default value is 1. (integer
-# value)
-# Minimum value: 1
-#workers = 1
-
-# Number of times reservation/release should be attempted. (integer value)
-#reserve_retries = 1
-
-# Timeout for detecting a VM is down, and other VMs can pick the plan up and
-# resereve. Default value is 600 seconds. (integer value) (integer value)
-# Minimum value: 1
-#timeout = 600
-
-# Set to True when reservation will run in active-active mode. When set to
-# False, reservation will restart any orphaned reserving requests at startup.
-# (boolean value)
-#concurrent = false
-concurrent = true
-
-# (integer value)
-# Minimum value: 1
-#max_reservation_counter = 1
-
-
-[sdnc]
-
-#
-# From conductor
-#
-
-# Interval with which to refresh the local cache, in minutes. (integer value)
-#cache_refresh_interval = 1440
-
-# Data Store table prefix. (string value)
-#table_prefix = sdnc
-
-# Base URL for SDN-C, up to and including the version. (string value)
-server_url = https://controller:8443/restconf/
-
-# Basic Authentication Username (string value)
-#username = <None>
-username = admin
-
-# Basic Authentication Password (string value)
-#password = <None>
-password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-# Timeout for SDNC Rest Call (string value)
-#sdnc_rest_timeout = 30
-
-# Retry Numbers for SDNC Rest Call (string value)
-#sdnc_retries = 3
-
-[service_controller]
-
-#
-# From conductor
-#
-
-# Extensions list to use (list value)
-#extensions = sdnc
-
-
-[solver]
-
-#
-# From conductor
-#
-
-# Number of workers for solver service. Default value is 1. (integer value)
-# Minimum value: 1
-#workers = 1
-
-# The timeout value for solver service. Default value is 480 seconds. (integer
-# value)
-# Minimum value: 1
-#solver_timeout = 480
-
-# Set to True when solver will run in active-active mode. When set to False,
-# solver will restart any orphaned solving requests at startup. (boolean value)
-#concurrent = false
-concurrent = true
-
-# Timeout for detecting a VM is down, and other VMs can pick the plan up. This
-# value should be larger than solver_timeoutDefault value is 10 minutes.
-# (integer value) (integer value)
-# Minimum value: 1
-#timeout = 600
-
-# (integer value)
-# Minimum value: 1
-#max_solver_counter = 1
-
-
-[vim_controller]
-
-#
-# From conductor
-#
-
-# Extensions list to use (list value)
-#extensions = multicloud
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-
-# Controller is a process that reads from Music Q
-# It uses no ports (TCP or HTTP). The PROB will check
-# if the controller process exists or not. In case
-# it exists, it will send 0, else send 1 so k8s can i
-# restart the container
-
-pid="$(pgrep -f '/usr/local/bin/conductor')"
-if [ -z "$pid" ]
-then
- echo 1
-else
- echo 0
-fi
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-[loggers]
-keys=root
-
-[handlers]
-keys=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
-
-[logger_root]
-level=NOTSET
-handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
-
-[handler_consoleHandler]
-class=StreamHandler
-level=NOTSET
-formatter=generic
-args=(sys.stdout,)
-
-[handler_trfhand]
-class=handlers.TimedRotatingFileHandler
-level=NOTSET
-formatter=generic
-args=('/var/log/conductor/application.log','midnight', 1, 10)
-
-[handler_audithand]
-class=handlers.TimedRotatingFileHandler
-level=INFO
-formatter=audit
-args=('/var/log/conductor/audit.log', 'midnight', 1, 10)
-
-[handler_metrichand]
-class=handlers.TimedRotatingFileHandler
-level=INFO
-formatter=metric
-args=('/var/log/conductor/metric.log','midnight', 1, 10)
-
-[handler_errhand]
-class=handlers.TimedRotatingFileHandler
-level=ERROR
-formatter=error
-args=('/var/log/conductor/error.log','midnight', 1, 10)
-
-[handler_debughand]
-class=handlers.TimedRotatingFileHandler
-level=DEBUG
-formatter=generic
-args=('/var/log/conductor/debug.log','midnight', 1, 10)
-
-[formatters]
-keys=generic,audit,metric,error
-
-[formatter_audit]
-format=%(asctime)s|%(asctime)s|00000000-0000-0000-0000-000000000000||%(thread)d||Conductor|N/A|COMPLETE|200|sucessful||%(levelname)s|||0|%(module)s|||||||||%(name)s : [-] %(message)s
-datefmt=
-
-[formatter_metric]
-format=%(asctime)s|%(asctime)s|00000000-0000-0000-0000-000000000000||%(thread)d||Conductor|N/A|N/A|N/A|COMPLETE|200|sucessful||%(levelname)s|||0|%(module)s||||||||||%(name)s : [-] %(message)s
-datefmt=
-
-[formatter_error]
-format=%(asctime)s|00000000-0000-0000-0000-000000000000|%(thread)d|Conductor|N/A|N/A|N/A|ERROR|500|N/A|%(name)s : [-] %(message)s
-datefmt=
-
-[formatter_generic]
-format=%(asctime)s||%(thread)d|%(levelname)s|%(module)s|%(name)s: [-] %(message)s
-datefmt=
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
+++ /dev/null
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
- # ...
- upstream conductor_uwsgi {
- server 127.0.0.1:8080;
- }
-
- server {
-
- listen 8091 ssl;
- server_name oof;
- ssl_certificate /opt/bitnami/nginx/ssl/org.onap.oof.crt;
- ssl_certificate_key /opt/bitnami/nginx/ssl/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!MD5;
-
- location / {
- include /opt/bitnami/nginx/conf/uwsgi_params;
- uwsgi_pass conductor_uwsgi;
-
- uwsgi_param Host $host;
- uwsgi_param X-Real-IP $remote_addr;
- uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
- uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
- }
- }
-}
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-healthcheck
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - oof-has-api
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-healthcheck
- command:
- - "/bin/sh"
- - "-c"
- - |
- echo "INSERT HEALTHCHECK PLAN";
- sleep 15;
- resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
- -H "Content-Type: application/json" \
- -H "ns: conductor" \
- -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
- --data @healthcheck.json);
- echo $resp;
- sleep 2;
- done;
- workingDir: /has
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /has/healthcheck.json
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: healthcheck.json
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: healthcheck.json
- path: healthcheck.json
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-onboard
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "music-springboot"
- - --container-name
- - "music-cassandra"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - command:
- - /root/job_complete.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-music-db-readiness
- containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard
- command:
- - "/bin/sh"
- - "-c"
- - |
- echo "job-onboard"
- workingDir: /has
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /has/onboard.json
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: onboard.json
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ .Values.global.commonConfigPrefix }}-config
- configMap:
- name: {{ .Values.global.commonConfigPrefix }}-configmap
- items:
- - key: onboard.json
- path: onboard.json
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-# Modifications Copyright © 2018 Intel Corporation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- repository: nexus3.onap.org:10001
- commonConfigPrefix: onap-oof-has
- image:
- readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:2.0.4
- filebeat: docker.elastic.co/beats/filebeat:5.5.0
-
-pullPolicy: Always
-nodePortPrefix: 302
-dataRootDir: /dockerdata-nfs
-config:
- aaf:
- serviceName: aaf-service
- port: 8100
- aai:
- serviceName: aai
- port: 8443
- msb:
- serviceName: msb-iag
- port: 80
- music:
- serviceName: music
- port: 8443
- sms:
- serviceName: aaf-sms
- port: 10443
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 2Gi
- cpu: 1000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+components/
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==============================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+# =======================================================================
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain a
+# copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# ============LICENSE_END=================================================
+#
+#-------------------------------------------------------------------------------
+*/}}
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+
--- /dev/null
+{{/*
+###
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Modifications Copyright (c) 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the ââ?¬Å"Licenseââ?¬);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###
+*/}}
+spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
+
+spring.datasource.initialize=false
+spring.datasource.tomcat.max-wait=10000
+spring.datasource.tomcat.initialSize=5
+spring.datasource.tomcat.max-active=25
+spring.datasource.tomcat.test-on-borrow=true
+
+
+changeLogFile=optimizer-liquibase-changeLog.xml
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==============================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+# =======================================================================
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain a
+# copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# ============LICENSE_END=================================================
+#
+#-------------------------------------------------------------------------------
+*/}}
+spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
+cmso.database.password=${DB_PASSWORD}
+
+spring.datasource.initialize=false
+spring.datasource.tomcat.max-wait=10000
+spring.datasource.tomcat.initialSize=5
+spring.datasource.tomcat.max-active=25
+spring.datasource.tomcat.test-on-borrow=true
+
+spring.jpa.show-sql=false
+spring.jpa.hibernate.ddl-auto=none
+spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
+spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
+spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+spring.jpa.hibernate.id.new_generator_mappings=false
+hibernate.id.new_generator_mappings=false
+
+logging.level.org.hibernate.SQL=WARN
+logging.level.org.hibernate=WARN
+#-------------------------------------------------------------------------------
+
+
+cmso.topology.create.request.url=https://oof-cmso-topology:7998/topology/v1/current
+cmso.ticket.create.request.url=https://oof-cmso-ticketmgt:7999/ticketmgt/v1/activetickets
+cmso.local.policy.folder=data/policies
+
+cmso.minizinc.command.exe=/mz-dist/bin/minizinc
+cmso.minizinc.command.solver=OSICBC
+cmso.minizinc.command.timelimit=60000
+cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
+
+mechid.user=oof@oof.onap.org
+mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+
+aaf.urls=https://aaf-locate:8095
+aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
+aaf.enabled=true
+aaf.namespace=org.onap.oof
+
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.db.container }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: db-init
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ - name: DB_PORT
+ value: {{ .Values.config.db.port | quote}}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+ - name: DB_SCHEMA
+ value: {{ .Values.config.db.mysqlDatabase }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+ terminationMessagePolicy: File
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ - name: DB_PORT
+ value: {{ .Values.config.db.port | quote}}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+ - name: DB_SCHEMA
+ value: {{ .Values.config.db.mysqlDatabase }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+ - name: JAVA_TRUSTSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
+ - name: SSL_KEYSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
+ - name: JAVA_TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.truststorePassword }}
+ - name: AUTHENTICATION
+ value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/debug-logs
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /share/etc/certs
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /opt/app/cmso/src/main/resources/aaf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logback.xml
+ path: logback.xml
+ - key: cadi.properties
+ path: cadi.properties
+ - key: optimizer.properties
+ path: optimizer.properties
+ - key: liquibase.properties
+ path: liquibase.properties
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-certs
+ secret:
+ secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+
+subChartsOnly:
+ enabled: true
+
+# application image
+image: onap/optf-cmso-optimizer:2.3.0
+pullPolicy: Always
+
+#init container image
+dbinit:
+ image: onap/optf-cmso-dbinit:2.3.0
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+
+service:
+ type: ClusterIP
+ name: oof-cmso-optimizer
+ portName: cmso
+ internalPort: 7997
+ externalPort: 7997
+ #nodePort: 23
+ # as of 20181022 port 23 is reserved for cmso
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+
+config:
+ db:
+ port: 3306
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+ user: cmso-admin
+ password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: optimizer
+ topology_host: oof-cmso-topology
+ topology_port: 7998
+ ticketmgt_host: oof-cmso-ticketmgt
+ ticketmgt_port: 7999
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==============================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+# =======================================================================
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain a
+# copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# ============LICENSE_END=================================================
+#
+#-------------------------------------------------------------------------------
+*/}}
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+
--- /dev/null
+
+#-------------------------------------------------------------------------------
+# Copyright (c) 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright (c) 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the ???License???);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+
+#-------------------------------------------------------------------------------
+spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
+cmso.database.password=${DB_PASSWORD}
+
+spring.datasource.initialize=false
+spring.datasource.tomcat.max-wait=10000
+spring.datasource.tomcat.initialSize=5
+spring.datasource.tomcat.max-active=25
+spring.datasource.tomcat.test-on-borrow=true
+
+spring.jpa.show-sql=false
+spring.jpa.hibernate.ddl-auto=none
+spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
+spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
+spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+spring.jpa.hibernate.id.new_generator_mappings=false
+hibernate.id.new_generator_mappings=false
+
+logging.level.org.hibernate.SQL=WARN
+logging.level.org.hibernate=WARN
+#-------------------------------------------------------------------------------
+
+#
+cmso.aaf.enabled=false
+
+# Enable swagger - Enable in development and test only
+cmso.swagger.enabled=true
+
+# Enable schedule immediate to be dispatched without ticket approvals
+# Has no effect when in vTM loopback mode as always approved.
+cmso.cm.dispatch.immediate.enabled = true
+
+# NUmber of seconds between sniro dispatch jobs
+cmso.optimizer.job.interval.ms=10000
+
+# NUmber of seconds between change management cmso polling jobs
+# Controls frequenct of polling to the ChangeManagementScheduler table...
+cmso.cm.polling.job.interval.ms=10000
+# How many management cmso polling intervals to look ahead to dispatch
+# (To account for possible latency of the polling job)
+cmso.cm.polling.job.lookahead.intervals=5
+# Lead time before event time to enable dispatcher to
+# test that it is safe to dispatch (i.e. meeting reminder lead time)
+cmso.cm.dispatcher.lead.time.ms=5000
+# Lead time to prepare and call VID to dispatch work to MSO
+# Includes latency from VID call to the start of the workflow
+cmso.cm.dispatch.lead.time.ms=1000
+
+# Interval between polling to check status of schedules in Notifications Initiated status
+cmso.status.job.interval.ms=60000
+
+org.quartz.jobStore.class=org.quartz.simpl.RAMJobStore
+
+loopback.mso.requestId=dummy123
+
+so.polling.interval.ms=10000
+#mso.user=cmso@onap.org
+#mso.pass=enc:bfodXf8qRfCqMvlxVBYNWQ==
+
+## loopback settings
+so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
+so.user=oof@oof.onap.org
+so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+
+mechid.user=oof@oof.onap.org
+mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+
+cmso.dispatch.url=http://localhost:8089
+
+aaf.urls=https://aaf-locate:8095
+aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
+aaf.enabled=true
+aaf.namespace=org.onap.oof
+
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
--- /dev/null
+{{/*
+###
+# Copyright © 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the ââ?¬Å"Licenseââ?¬);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###
+*/}}
+spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
+
+spring.datasource.initialize=false
+spring.datasource.tomcat.max-wait=10000
+spring.datasource.tomcat.initialSize=5
+spring.datasource.tomcat.max-active=25
+spring.datasource.tomcat.test-on-borrow=true
+
+
+#changeLogFile=calendar-liquibase-changeLog.xml
+changeLogFile=cmso-liquibase-changeLog.xml
+
+
+#spring.main.web-environment=false
+#outputChangeLogFile=src/main/resources/cmso-output-changelog.xml
+#url=jdbc:mariadb://localhost:3306/calendar
+#url=jdbc:mysql://localhost:3306/cmso
+#username=root
+#password=root
+#driver=org.mariadb.jdbc.Driver
+#driver=com.mysql.jdbc.Driver
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# Copyright (c) 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright ? 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the ???License???);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+*/}}
+
+cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
+cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
+cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# Copyright © 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+*/}}
+
+tm.vnfs.per.ticket=1
+tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord
+tm.createPath=http://localhost:8089/cmso/v1/tm/createChangeRecord
+tm.closePath=http://localhost:8089/cmso/v1/tm/closeCancelChangeRecord
+tm.updatePath=http://localhost:8089/cmso/v1/tm/updateChangeRecord
+tm.approvalStatus=Approved|Scheduled,Approved|Assigned
+tm.template.folder=data/templates/tm
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.db.container }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: db-init
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ - name: DB_PORT
+ value: {{ .Values.config.db.port | quote}}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+ - name: DB_SCHEMA
+ value: {{ .Values.config.db.mysqlDatabase }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+ terminationMessagePolicy: File
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ # side car containers
+ - name: filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+ resources:
+{{ include "common.resources" . }}
+ - name: mso-simulator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.robotimage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ ports:
+ - containerPort: 5000
+ resources:
+{{ include "common.resources" . }}
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ - name: DB_PORT
+ value: {{ .Values.config.db.port | quote}}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+ - name: DB_SCHEMA
+ value: {{ .Values.config.db.mysqlDatabase }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+ - name: JAVA_TRUSTSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
+ - name: SSL_KEYSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
+ - name: JAVA_TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.truststorePassword }}
+ - name: AUTHENTICATION
+ value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/debug-logs
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /share/etc/certs
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /opt/app/cmso/src/main/resources/aaf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logback.xml
+ path: logback.xml
+ - key: cmso.properties
+ path: cmso.properties
+ - key: cadi.properties
+ path: cadi.properties
+ - key: optimizer.properties
+ path: optimizer.properties
+ - key: ticketmgt.properties
+ path: ticketmgt.properties
+ - key: liquibase.properties
+ path: liquibase.properties
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-cmso-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-certs
+ secret:
+ secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+
+subChartsOnly:
+ enabled: true
+
+# application image
+image: onap/optf-cmso-service:2.3.0
+robotimage: onap/optf-cmso-robot:2.3.0
+pullPolicy: Always
+
+#init container image
+dbinit:
+ image: onap/optf-cmso-dbinit:2.3.0
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+
+service:
+ type: ClusterIP
+ name: oof-cmso
+ portName: cmso
+ internalPort: 8080
+ externalPort: 8080
+ #nodePort: 23
+ # as of 20181022 port 23 is reserved for cmso
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+
+config:
+ db:
+ port: 3306
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+ user: cmso-admin
+ password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: cmso
+ optimizer_host: oof-cmso-optimizer
+ optimizer_port: 7997
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==============================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+# =======================================================================
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain a
+# copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# ============LICENSE_END=================================================
+#
+#-------------------------------------------------------------------------------
+*/}}
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# Copyright © 2017-2019 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+*/}}
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
+
+aaf.urls=https://aaf-locate:8095
+aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
+aaf.enabled=true
+aaf.namespace=org.onap.oof
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JAVA_TRUSTSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
+ - name: SSL_KEYSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
+ - name: JAVA_TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.truststorePassword }}
+ - name: AUTHENTICATION
+ value: proprietary-auth
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/debug-logs
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /share/etc/certs
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /opt/app/cmso/src/main/resources/aaf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logback.xml
+ path: logback.xml
+ - key: ticketmgt.properties
+ path: ticketmgt.properties
+ - key: cadi.properties
+ path: cadi.properties
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-certs
+ secret:
+ secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright (c) 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ authentication: proprietary-auth
+subChartsOnly:
+ enabled: true
+
+# application image
+image: onap/optf-cmso-ticketmgt:2.3.0
+pullPolicy: Always
+
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+
+service:
+ type: ClusterIP
+ name: oof-cmso-ticketmgt
+ portName: cmso-ticketmgt
+ internalPort: 7999
+ externalPort: 7999
+ #nodePort: 23
+ # as of 20181022 port 23 is reserved for cmso
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+
+config:
+
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# ============LICENSE_START==============================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+# =======================================================================
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain a
+# copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+# ============LICENSE_END=================================================
+#
+#-------------------------------------------------------------------------------
+*/}}
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+
--- /dev/null
+{{/*
+#-------------------------------------------------------------------------------
+# Copyright © 2017-2019 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+*/}}
+cadi_loglevel=DEBUG
+cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
+aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
+
+aaf.urls=https://aaf-locate:8095
+aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
+aaf.enabled=true
+aaf.namespace=org.onap.oof
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JAVA_TRUSTSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
+ - name: SSL_KEYSTORE
+ value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
+ - name: JAVA_TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.truststorePassword }}
+ - name: AUTHENTICATION
+ value: {{ .Values.global.authentication }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
+ ./startService.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/debug-logs
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /share/etc/certs
+ - name: {{ include "common.fullname" . }}-certs
+ mountPath: /opt/app/cmso/src/main/resources/aaf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logback.xml
+ path: logback.xml
+ - key: cadi.properties
+ path: cadi.properties
+ - key: topology.properties
+ path: topology.properties
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-certs
+ secret:
+ secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+
+subChartsOnly:
+ enabled: true
+
+# application image
+image: onap/optf-cmso-topology:2.3.0
+pullPolicy: Always
+
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+
+service:
+ type: ClusterIP
+ name: oof-cmso-topology
+ portName: cmso-topology
+ internalPort: 7998
+ externalPort: 7998
+ #nodePort: 23
+ # as of 20181022 port 23 is reserved for cmso
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+
+config:
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~6.x-0
+ repository: '@local'
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-cmso-optimizer
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-optimizer'
+ condition: oof-cmso-optimizer.enabled
+ - name: oof-cmso-service
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-service'
+ condition: oof-cmso-service.enabled
+ - name: oof-cmso-ticketmgt
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-ticketmgt'
+ condition: oof-cmso-ticketmgt.enabled
+ - name: oof-cmso-topology
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso-topology'
+ condition: oof-cmso-topology.enabled
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.release" . }}-cmso-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/log/filebeat/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
--- /dev/null
+# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
+ type: password
+ password: ''
+ policy: generate
+ - uid: cmso-service-db-secret
+ name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.service.userName }}'
+ password: '{{ .Values.config.db.service.userPassword }}'
+ passwordPolicy: generate
+ - uid: cmso-db-secret
+ name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.optimizer.userName }}'
+ password: '{{ .Values.config.db.optimizer.userPassword }}'
+ passwordPolicy: generate
+
+mariadb-galera:
+ replicaCount: 1
+ nameOverride: &containerName cmso-db
+ service:
+ type: ClusterIP
+ name: &serviceName oof-cmso-dbhost
+ portName: cmso-dbhost
+ nfsprovisionerPrefix: cmso
+ sdnctlPrefix: cmso
+ persistence:
+ mountSubPath: cmso/data
+ enabled: true
+ disableNfsProvisioner: true
+ config:
+ mariadbRootPasswordExternalSecret: *rootPassword
+ # userCredentialsExternalSecret: *dbCreds
+ # mysqlDatabase: cmso
+ externalConfig: |
+ [mysqld]
+ lower_case_table_names = 1
+
+global:
+ commonConfigPrefix: "oof-cmso"
+ truststoreFile: "truststoreONAPall.jks"
+ keystoreFile: "org.onap.oof.jks"
+ truststorePassword:
+ authentication: aaf-auth
+
+mariadb-init:
+ mariadbGalera:
+ containerName: *containerName
+ serviceName: *serviceName
+ servicePort: 3306
+ userRootSecret: *rootPassword
+ config:
+ userCredentialsExternalSecret: *serviceDbCreds
+ mysqlDatabase: cmso
+ mysqlAdditionalDatabases:
+ optimizer:
+ externalSecret: *optimizerDbCreds
+ nameOverride: cmso-db-config
+
+flavor: small
+
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ db:
+ service:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+ optimizer:
+ userName: cmso-optimizer
+
+#sub-charts configuration
+certInitializer: &certInitConfig
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /share/etc/osaaf
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
+ find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \;
+
+oof-cmso-service:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-service-cert-initializer
+ config:
+ db:
+ userCredentialsExternalSecret: *serviceDbCreds
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-optimizer-cert-initializer
+ config:
+ enabled: true
+ db:
+ userCredentialsExternalSecret: *optimizerDbCreds
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: optimizer
+
+oof-cmso-topology:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-topology-cert-initializer
+
+oof-cmso-ticketmgt:
+ enabled: true
+ certInitializer:
+ << : *certInitConfig
+ nameOverride: oof-cmso-ticketmgt-cert-initializer
--- /dev/null
+components/
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Copyright (C) 2020 Wipro Limited.
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - oof-has-controller
+ - --container-name
+ - aaf-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-has-sms-readiness
+ command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.curl" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash","-c"]
+ args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+ ports:
+ - containerPort: {{ .Values.uwsgi.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.uwsgi.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.uwsgi.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/local/etc/conductor/conductor.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: conductor.conf
+ - mountPath: /usr/local/bin/log.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: log.conf
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ - name: {{ include "common.name" . }}-nginx
+ image: {{ include "repositoryGenerator.image.nginx" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/bitnami/nginx/conf/nginx.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: nginx.conf
+ - mountPath: /tmp/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ - mountPath: /tmp/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ - key: conductor.conf
+ path: conductor.conf
+ - key: log.conf
+ path: log.conf
+{{ include "oof.certificate.volume" . | indent 8 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global: # global defaults
+ nodePortPrefix: 302
+ image:
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+service:
+ type: NodePort
+ name: oof-has-api
+ externalPort: 8091
+ internalPort: 8091
+ nodePort: 75
+ portName: oof-has-api
+
+#backend container info
+uwsgi:
+ internalPort: 8080
+ingress:
+ enabled: false
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: oof-has-cert-initializer
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/bitnami/nginx/ssl
+ aaf_add_config: >
+ chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "oof-has-api.onap"
+ name: "oof-has-api"
+ port: 8091
+ config:
+ ssl: "redirect"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - music-springboot
+ - --container-name
+ - aaf-sms
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-cont-sms-readiness
+ command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.curl" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - python
+ args:
+ - /usr/local/bin/conductor-controller
+ - --config-file=/usr/local/bin/conductor.conf
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/local/bin/conductor.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: conductor.conf
+ - mountPath: /usr/local/bin/log.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: log.conf
+ - mountPath: /usr/local/bin/healthy.sh
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: healthy.sh
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: conductor.conf
+ path: conductor.conf
+ - key: log.conf
+ path: log.conf
+ - key: healthy.sh
+ path: healthy.sh
+{{ include "oof.certificate.volume" . | indent 8 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ image:
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+ingress:
+ enabled: false
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - music-springboot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-healthcheck"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-data-sms-readiness
+ command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.curl" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - python
+ args:
+ - /usr/local/bin/conductor-data
+ - --config-file=/usr/local/bin/conductor.conf
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/local/bin/conductor.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: conductor.conf
+ - mountPath: /usr/local/bin/log.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: log.conf
+ - mountPath: /usr/local/bin/healthy.sh
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: healthy.sh
+ - mountPath: /usr/local/bin/aai_cert.cer
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: aai_cert.cer
+ - mountPath: /usr/local/bin/aai_key.key
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: aai_key.key
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: conductor.conf
+ path: conductor.conf
+ - key: log.conf
+ path: log.conf
+ - key: healthy.sh
+ path: healthy.sh
+ - key: aai_cert.cer
+ path: aai_cert.cer
+ - key: aai_key.key
+ path: aai_key.key
+{{ include "oof.certificate.volume" . | indent 8 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ image:
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+ingress:
+ enabled: false
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - music-springboot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-healthcheck"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-resrv-sms-readiness
+ command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.curl" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - python
+ args:
+ - /usr/local/bin/conductor-reservation
+ - --config-file=/usr/local/bin/conductor.conf
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{ end -}}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/local/bin/conductor.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: conductor.conf
+ - mountPath: /usr/local/bin/log.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: log.conf
+ - mountPath: /usr/local/bin/healthy.sh
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: healthy.sh
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: conductor.conf
+ path: conductor.conf
+ - key: log.conf
+ path: log.conf
+ - key: healthy.sh
+ path: healthy.sh
+{{ include "oof.certificate.volume" . | indent 8 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ image:
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+ingress:
+ enabled: false
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - music-springboot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-oof-has-healthcheck"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ - name: {{ include "common.name" . }}-solvr-sms-readiness
+ command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.curl" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - python
+ args:
+ - /usr/local/bin/conductor-solver
+ - --config-file=/usr/local/bin/conductor.conf
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /usr/local/bin/healthy.sh
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/local/bin/conductor.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: conductor.conf
+ - mountPath: /usr/local/bin/log.conf
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: log.conf
+ - mountPath: /usr/local/bin/healthy.sh
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: healthy.sh
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: conductor.conf
+ path: conductor.conf
+ - key: log.conf
+ path: log.conf
+ - key: healthy.sh
+ path: healthy.sh
+{{ include "oof.certificate.volume" . | indent 8 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ image:
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+ingress:
+ enabled: false
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: music
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-has-api
+ version: ~6.x-0
+ repository: 'file://components/oof-has-api'
+ condition: oof-has-api.enabled
+ - name: oof-has-controller
+ version: ~6.x-0
+ repository: 'file://components/oof-has-controller'
+ condition: oof-has-controller.enabled
+ - name: oof-has-data
+ version: ~6.x-0
+ repository: 'file://components/oof-has-data'
+ condition: oof-has-data.enabled
+ - name: oof-has-reservation
+ version: ~6.x-0
+ repository: 'file://components/oof-has-reservation'
+ condition: oof-has-reservation.enabled
+ - name: oof-has-solver
+ version: ~6.x-0
+ repository: 'file://components/oof-has-solver'
+ condition: oof-has-solver.enabled
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware, Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+[DEFAULT]
+
+#
+# From conductor
+#
+
+# Configuration file for WSGI definition of API. (string value)
+api_paste_config = /usr/local/etc/conductor/api_paste.ini
+
+# Music keyspace for content (string value)
+#keyspace = conductor
+
+# Delay time (Seconds) for MUSIC requests. Set it to 2 seconds by default.
+# (integer value)
+#delay_time = 2
+
+# (boolean value)
+#HPA_enabled = true
+
+#
+# From oslo.log
+#
+
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+debug = true
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+log_config_append = /usr/local/bin/log.conf
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# (Optional) The base directory used for relative log_file paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Enable journald for logging. If running in a systemd environment you may wish
+# to enable journal support. Doing so will use the journal native protocol
+# which includes structured metadata in addition to log messages.This option is
+# ignored if log_config_append is set. (boolean value)
+#use_journal = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Use JSON formatting for logging. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_json = false
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = false
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG
+# or empty string. Logs with level greater or equal to rate_limit_except_level
+# are not filtered. An empty string means that all levels are filtered. (string
+# value)
+#rate_limit_except_level = CRITICAL
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+[auth]
+appkey = ""
+
+[aaf_api]
+
+#
+# From conductor
+#
+
+# is_aaf_enabled. (boolean value)
+is_aaf_enabled = true
+
+# aaf_cache_expiry_hrs. (integer value)
+aaf_cache_expiry_hrs = 3
+
+# aaf_url. (string value)
+aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+
+# aaf_cert_file. (string value)
+#aaf_cert_file = <None>
+
+# aaf_cert_key_file. (string value)
+#aaf_cert_key_file = <None>
+
+# aaf_ca_bundle_file. (string value)
+#aaf_ca_bundle_file =
+aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# aaf_retries. (integer value)
+#aaf_retries = 3
+
+# aaf_timeout. (integer value)
+#aaf_timeout = 100
+
+# aaf_user_roles. (list value)
+#aaf_permissions = {"type": "org.onap.oof.access","instance": "*","action": "*"}
+
+
+[aaf_sms]
+
+#
+# From conductor
+#
+
+# Base URL for SMS, up to and not including the version, and without a trailing
+# slash. (string value)
+aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+
+
+# Timeout for SMS API Call (integer value)
+#aaf_sms_timeout = 30
+
+# Path to the cacert that will be used to verify If this is None, verify will
+# be False and the server certis not verified by the client. (string value)
+#aaf_ca_certs = AAF_RootCA.cer
+aaf_ca_certs = /usr/local/bin/AAF_RootCA.cer
+
+# Domain UUID - A unique UUID generated when the domainfor HAS is created by
+# administrator during deployment (string value)
+#secret_domain = has
+
+
+[aai]
+
+#
+# From conductor
+#
+
+# Interval with which to refresh the local cache, in minutes. (integer value)
+#cache_refresh_interval = 1440
+cache_refresh_interval = 1
+
+# Interval with which to refresh the local complex cache, in minutes. (integer
+# value)
+#complex_cache_refresh_interval = 1440
+complex_cache_refresh_interval = 60
+
+# Data Store table prefix. (string value)
+#table_prefix = aai
+
+# Base URL for A&AI, up to and not including the version, and without a
+# trailing slash. (string value)
+server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+
+# Timeout for A&AI Rest Call (string value)
+#aai_rest_timeout = 30
+
+# Number of retry for A&AI Rest Call (string value)
+#aai_retries = 3
+
+# The version of A&AI in v# format. (string value)
+server_url_version = v19
+
+# SSL/TLS certificate file in pem format. This certificate must be registered
+# with the A&AI endpoint. (string value)
+certificate_file =
+
+# Private Certificate Key file in pem format. (string value)
+certificate_key_file =
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# Username for AAI. (string value)
+username = OOF
+
+# Password for AAI. (string value)
+password = OOF
+
+
+[api]
+
+#
+# From conductor
+#
+
+# Toggle Pecan Debug Middleware. (boolean value)
+#pecan_debug = false
+
+# Default maximum number of items returned by API request. (integer value)
+# Minimum value: 1
+#default_api_return_limit = 100
+
+[conductor_api]
+
+#
+# From conductor
+#
+
+# Base URL for plans. (string value)
+#server_url =
+
+# username for plans. (string value)
+#username =
+username = admin1
+
+# password for plans. (string value)
+#password =
+password = plan.15
+
+# auth toggling. (boolean value)
+basic_auth_secure = true
+
+
+[controller]
+
+#
+# From conductor
+#
+
+# Timeout for planning requests. Default value is 10. (integer value)
+# Minimum value: 1
+#timeout = 10
+timeout = 200
+
+# Maximum number of result sets to return. Default value is 1. (integer value)
+# Minimum value: 1
+#limit = 1
+
+# Number of workers for controller service. Default value is 1. (integer value)
+# Minimum value: 1
+#workers = 1
+
+# Set to True when controller will run in active-active mode. When set to
+# False, controller will flush any abandoned messages at startup. The
+# controller always restarts abandoned template translations at startup.
+# (boolean value)
+#concurrent = false
+concurrent = true
+
+# Time between checking for new plans. Default value is 1. (integer value)
+# Minimum value: 1
+#polling_interval = 1
+
+# (integer value)
+# Minimum value: 1
+#max_translation_counter = 1
+
+# (string value)
+opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json
+
+[data]
+
+#
+# From conductor
+#
+
+# Number of workers for data service. Default value is 1. (integer value)
+# Minimum value: 1
+#workers = 1
+
+# Set to True when data will run in active-active mode. When set to False, data
+# will flush any abandoned messages at startup. (boolean value)
+#concurrent = false
+concurrent = true
+
+# Default value is -8000, which is the diameter of the earth. The distance
+# cannot larger than this value (floating point value)
+#existing_placement_cost = -8000.0
+
+# (floating point value)
+#cloud_candidate_cost = 2.0
+
+# (floating point value)
+#service_candidate_cost = 1.0
+
+
+[inventory_provider]
+
+#
+# From conductor
+#
+
+# Extensions list to use (list value)
+extensions = aai,generator
+
+
+[messaging_server]
+
+#
+# From conductor
+#
+
+# Music keyspace for messages (string value)
+#keyspace = conductor_rpc
+
+# Wait interval while checking for a message response. Default value is 1
+# second. (integer value)
+# Minimum value: 1
+#check_interval = 1
+
+# Overall message response timeout. Default value is 120 seconds. (integer
+# value)
+# Minimum value: 1
+#response_timeout = 120
+
+# Timeout for detecting a VM is down, and other VMs can pick the plan up.
+# Default value is 5 minutes. (integer value) (integer value)
+# Minimum value: 1
+timeout = 300
+
+# Number of workers for messaging service. Default value is 1. (integer value)
+# Minimum value: 1
+#workers = 1
+
+# Time between checking for new messages. Default value is 1. (integer value)
+# Minimum value: 1
+#polling_interval = 1
+
+# Log debug messages. Default value is False. (boolean value)
+#debug = false
+
+
+[multicloud]
+
+#
+# From conductor
+#
+
+# Base URL for Multicloud without a trailing slash. (string value)
+#server_url = http://msb.onap.org/api/multicloud
+server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.msb.port}}/api/multicloud
+
+# Timeout for Multicloud Rest Call (string value)
+#multicloud_rest_timeout = 30
+
+# Number of retry for Multicloud Rest Call (string value)
+#multicloud_retries = 3
+
+# The version of Multicloud API. (string value)
+#server_url_version = v0
+
+
+[music_api]
+
+#
+# From conductor
+#
+
+# Base URL for Music REST API without a trailing slash. (string value)
+#server_url = http://oof-has-music:8080/MUSIC/rest/v2
+server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
+version = v2
+
+# DEPRECATED: List of hostnames (round-robin access) (list value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Use server_url instead
+#hostnames = <None>
+
+# DEPRECATED: Port (integer value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Use server_url instead
+#port = <None>
+
+# DEPRECATED: Path (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: Use server_url instead
+#path = <None>
+
+# Socket connection timeout (floating point value)
+#connect_timeout = 3.05
+
+# Socket read timeout (floating point value)
+#read_timeout = 12.05
+
+# Lock timeout (integer value)
+#lock_timeout = 10
+
+# Replication factor (integer value)
+#replication_factor = 1
+replication_factor = 1
+
+# Use mock API (boolean value)
+#mock = false
+
+# (string value)
+#music_topology = SimpleStrategy
+
+# Name of the first data center (string value)
+#first_datacenter_name = <None>
+
+# Number of replicas in first data center (integer value)
+#first_datacenter_replicas = <None>
+
+# Name of the second data center (string value)
+#second_datacenter_name = <None>
+
+# Number of replicas in second data center (integer value)
+#second_datacenter_replicas = <None>
+
+# Name of the third data center (string value)
+#third_datacenter_name = <None>
+
+# Number of replicas in third data center (integer value)
+#third_datacenter_replicas = <None>
+
+# new or old version (boolean value)
+#music_new_version = <None>
+music_new_version = True
+
+# for version (string value)
+#music_version = <None>
+music_version = "3.2.40"
+
+# username value that used for creating basic authorization header (string
+# value)
+#aafuser = <None>
+aafuser = conductor
+
+# password value that used for creating basic authorization header (string
+# value)
+#aafpass = <None>
+aafpass = c0nduct0r
+
+# AAF namespace field used in MUSIC request header (string value)
+#aafns = <None>
+aafns = conductor
+
+# Enabling HTTPs mode (boolean value)
+enable_https_mode = True
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+
+[prometheus]
+
+#
+# From conductor
+#
+
+# Prometheus Metrics Endpoint (list value)
+#metrics_port = 8000,8001,8002,8003,8004
+
+
+[reservation]
+
+#
+# From conductor
+#
+
+# Number of workers for reservation service. Default value is 1. (integer
+# value)
+# Minimum value: 1
+#workers = 1
+
+# Number of times reservation/release should be attempted. (integer value)
+#reserve_retries = 1
+
+# Timeout for detecting a VM is down, and other VMs can pick the plan up and
+# resereve. Default value is 600 seconds. (integer value) (integer value)
+# Minimum value: 1
+#timeout = 600
+
+# Set to True when reservation will run in active-active mode. When set to
+# False, reservation will restart any orphaned reserving requests at startup.
+# (boolean value)
+#concurrent = false
+concurrent = true
+
+# (integer value)
+# Minimum value: 1
+#max_reservation_counter = 1
+
+
+[sdnc]
+
+#
+# From conductor
+#
+
+# Interval with which to refresh the local cache, in minutes. (integer value)
+#cache_refresh_interval = 1440
+
+# Data Store table prefix. (string value)
+#table_prefix = sdnc
+
+# Base URL for SDN-C, up to and including the version. (string value)
+server_url = https://controller:8443/restconf/
+
+# Basic Authentication Username (string value)
+#username = <None>
+username = admin
+
+# Basic Authentication Password (string value)
+#password = <None>
+password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+# Timeout for SDNC Rest Call (string value)
+#sdnc_rest_timeout = 30
+
+# Retry Numbers for SDNC Rest Call (string value)
+#sdnc_retries = 3
+
+[service_controller]
+
+#
+# From conductor
+#
+
+# Extensions list to use (list value)
+#extensions = sdnc
+
+
+[solver]
+
+#
+# From conductor
+#
+
+# Number of workers for solver service. Default value is 1. (integer value)
+# Minimum value: 1
+#workers = 1
+
+# The timeout value for solver service. Default value is 480 seconds. (integer
+# value)
+# Minimum value: 1
+#solver_timeout = 480
+
+# Set to True when solver will run in active-active mode. When set to False,
+# solver will restart any orphaned solving requests at startup. (boolean value)
+#concurrent = false
+concurrent = true
+
+# Timeout for detecting a VM is down, and other VMs can pick the plan up. This
+# value should be larger than solver_timeoutDefault value is 10 minutes.
+# (integer value) (integer value)
+# Minimum value: 1
+#timeout = 600
+
+# (integer value)
+# Minimum value: 1
+#max_solver_counter = 1
+
+
+[vim_controller]
+
+#
+# From conductor
+#
+
+# Extensions list to use (list value)
+#extensions = multicloud
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*/}}
+#!/bin/bash
+{{/*
+# Controller is a process that reads from Music Q
+# It uses no ports (TCP or HTTP). The PROB will check
+# if the controller process exists or not. In case
+# it exists, it will send 0, else send 1 so k8s can i
+# restart the container
+*/}}
+
+pid="$(pgrep -f '/usr/local/bin/conductor')"
+if [ -z "$pid" ]
+then
+ echo 1
+else
+ echo 0
+fi
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+[loggers]
+keys=root
+
+[handlers]
+keys=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
+
+[logger_root]
+level=NOTSET
+handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
+
+[handler_consoleHandler]
+class=StreamHandler
+level=INFO
+formatter=generic
+args=(sys.stdout,)
+
+[handler_trfhand]
+class=handlers.TimedRotatingFileHandler
+level=NOTSET
+formatter=generic
+args=('/var/log/conductor/application.log','midnight', 1, 10)
+
+[handler_audithand]
+class=handlers.TimedRotatingFileHandler
+level=INFO
+formatter=audit
+args=('/var/log/conductor/audit.log', 'midnight', 1, 10)
+
+[handler_metrichand]
+class=handlers.TimedRotatingFileHandler
+level=INFO
+formatter=metric
+args=('/var/log/conductor/metric.log','midnight', 1, 10)
+
+[handler_errhand]
+class=handlers.TimedRotatingFileHandler
+level=ERROR
+formatter=error
+args=('/var/log/conductor/error.log','midnight', 1, 10)
+
+[handler_debughand]
+class=handlers.TimedRotatingFileHandler
+level=DEBUG
+formatter=generic
+args=('/var/log/conductor/debug.log','midnight', 1, 10)
+
+[formatters]
+keys=generic,audit,metric,error
+
+[formatter_audit]
+format=%(asctime)s|%(asctime)s|00000000-0000-0000-0000-000000000000||%(thread)d||Conductor|N/A|COMPLETE|200|sucessful||%(levelname)s|||0|%(module)s|||||||||%(name)s : [-] %(message)s
+datefmt=
+
+[formatter_metric]
+format=%(asctime)s|%(asctime)s|00000000-0000-0000-0000-000000000000||%(thread)d||Conductor|N/A|N/A|N/A|COMPLETE|200|sucessful||%(levelname)s|||0|%(module)s||||||||||%(name)s : [-] %(message)s
+datefmt=
+
+[formatter_error]
+format=%(asctime)s|00000000-0000-0000-0000-000000000000|%(thread)d|Conductor|N/A|N/A|N/A|ERROR|500|N/A|%(name)s : [-] %(message)s
+datefmt=
+
+[formatter_generic]
+format=%(asctime)s||%(thread)d|%(levelname)s|%(module)s|%(name)s: [-] %(message)s
+datefmt=
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
--- /dev/null
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+ # ...
+ upstream conductor_uwsgi {
+ server 127.0.0.1:8080;
+ }
+
+ server {
+
+ listen 8091 ssl;
+ server_name oof;
+ ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
+ ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ location / {
+ include /opt/bitnami/nginx/conf/uwsgi_params;
+ uwsgi_pass conductor_uwsgi;
+
+ uwsgi_param Host $host;
+ uwsgi_param X-Real-IP $remote_addr;
+ uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
+ uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
+ }
+ }
+}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-healthcheck
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - oof-has-api
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-healthcheck
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ echo "INSERT HEALTHCHECK PLAN";
+ sleep 15;
+ resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
+ -H "Content-Type: application/json" \
+ -H "ns: conductor" \
+ -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
+ --data @healthcheck.json);
+ echo $resp;
+ sleep 2;
+ done;
+ workingDir: /has
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /has/healthcheck.json
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: healthcheck.json
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: healthcheck.json
+ path: healthcheck.json
+ restartPolicy: OnFailure
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-onboard
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - "music-springboot"
+ - --container-name
+ - "music-cassandra"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-music-cassandra-job-config"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-music-db-readiness
+ containers:
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ echo "job-onboard"
+ workingDir: /has
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /has/onboard.json
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: onboard.json
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: onboard.json
+ path: onboard.json
+ restartPolicy: OnFailure
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Modifications Copyright © 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ commonConfigPrefix: onap-oof-has
+ image:
+ optf_has: onap/optf-has:2.1.2
+ persistence:
+ enabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+pullPolicy: Always
+nodePortPrefix: 302
+dataRootDir: /dockerdata-nfs
+config:
+ aaf:
+ serviceName: aaf-service
+ port: 8100
+ aai:
+ serviceName: aai
+ port: 8443
+ msb:
+ serviceName: msb-iag
+ port: 80
+ music:
+ serviceName: music
+ port: 8443
+ sms:
+ serviceName: aaf-sms
+ port: 10443
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 2Gi
+ cpu: 1000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+#component overrides
+oof-has-api:
+ enabled: true
+ certSecret: *oof-certs
+oof-has-controller:
+ enabled: true
+ certSecret: *oof-certs
+oof-has-data:
+ enabled: true
+ certSecret: *oof-certs
+oof-has-reservation:
+ enabled: true
+ certSecret: *oof-certs
+oof-has-solver:
+ enabled: true
+ certSecret: *oof-certs
+
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP OOF helm templates
+name: oof-templates
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+
--- /dev/null
+{{- define "oof.certificate.volume" -}}
+- name: {{ include "common.fullname" . }}-onap-certs
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
+ items:
+ - key: aaf_root_ca.cer
+ path: aaf_root_ca.cer
+ - key: intermediate_root_ca.pem
+ path: intermediate_root_ca.pem
+{{- end -}}
+
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: oof-cmso
+ version: ~6.x-0
+ repository: 'file://components/oof-cmso'
+ condition: oof-cmso.enabled
+ - name: oof-has
+ version: ~6.x-0
+ repository: 'file://components/oof-has'
+ condition: oof-has.enabled
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://components/oof-templates'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+
+++ /dev/null
-osdf_system:
- libpath: /opt/app/osdf/libs
- osdf_ports:
- internal: 8699 # inside the Docker container, the app listens to this port
- external: 8698 # clients use this port on DockerHost
- osdf_ip_default: 0.0.0.0
-# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key']
-
-osdf_temp: # special configuration required for "workarounds" or testing
- local_policies:
- global_disabled: True
- local_placement_policies_enabled: True
- local_slice_selection_policies_enabled: True
- placement_policy_dir_vcpe: "./test/policy-local-files/"
- placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components)
- - Affinity_vCPE_1.json
- - Attribute_vNS_1.json
- #- Capacity_vGMuxInfra.json
- #- Capacity_vG_1.json
- - Distance_vG_1.json
- - Distance_vGMuxInfra_1.json
- - hpa_policy_vG_1.json
- - hpa_policy_vGMuxInfra_1.json
- - Placement_Optimization_1.json
- - QueryPolicy_vCPE.json
- - vnfPolicy_vG.json
- - vnfPolicy_vGMuxInfra.json
- placement_policy_dir_vfw: "./test/policy-local-files/"
- placement_policy_files_vfw: # workaroud for policy platform glitches (or "work-arounds" for other components)
- #- Capacity_vFW_1.json
- - Distance_vFW_1.json
- - hpa_policy_vFW_1.json
- - Placement_Optimization_1.json
- - QueryPolicy_vFW.json
- - vnfPolicy_vFW.json
- placement_policy_dir_vfw_td: "./test/policy-local-files/"
- placement_policy_files_vfw_td:
- - vnfPolicy_vFW_TD.json
- - vnfPolicy_vPGN_TD.json
- - affinity_vFW_TD.json
- - QueryPolicy_vFW_TD.json
-
- slice_selection_policy_dir_urllc_1: "./test/policy-local-files/"
- slice_selection_policy_files_urllc_1:
- - vnfPolicy_URLLC_Core_1.json
- - thresholdPolicy_URLLC_Core_1.json
- - subscriber_policy_URLLC_1.json
-
-service_info:
- vCPE:
- vcpeHostName: requestParameters.vcpeHostName
- e2eVpnKey: requestParameters.e2eVpnKey
- vFW:
- vcpeHostName: requestParameters.vcpeHostName
- e2eVpnKey: requestParameters.e2eVpnKey
-
-references:
- service_name:
- source: request
- value: serviceInfo.serviceName
- resource:
- source: request
- value: placementInfo.placementDemands.resourceModuleName
- subscriber_role:
- source: onap.policies.optimization.SubscriberPolicy
- value: properties.properties.subscriberRole
-
-policy_info:
- prioritization_attributes:
- policy_type:
- - type
- resources:
- - properties.resources
- - properties.objectiveParameter.parameterAttributes.resources
- service_name:
- - properties.services
-
- slice_selection:
- policy_fetch: by_scope
- policy_scope:
- -
- scope:
- - OSDF_FRANKFURT
- services:
- - get_param: service_name
-
- placement:
- policy_fetch: by_scope
- policy_scope:
- -
- scope:
- - OSDF_FRANKFURT
- geography:
- - US
- services:
- - get_param: service_name
- resources:
- - get_param: resource
- # -
- # - get_param: service_name
- # - get_param: subscriber_role
- default: # if no explicit service related information is needed
- policy_fetch: by_name
- policy_scope: none
--- /dev/null
+osdf_system:
+ libpath: /opt/app/osdf/libs
+ osdf_ports:
+ internal: 8699 # inside the Docker container, the app listens to this port
+ external: 8698 # clients use this port on DockerHost
+ osdf_ip_default: 0.0.0.0
+# # Important Note: At deployment time, we need to ensure the port mapping is done
+ ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
+
+osdf_temp: # special configuration required for "workarounds" or testing
+ local_policies:
+ global_disabled: True
+ local_placement_policies_enabled: True
+ local_slice_selection_policies_enabled: True
+ placement_policy_dir_vcpe: "./test/policy-local-files/"
+ placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components)
+ - Affinity_vCPE_1.json
+ - Attribute_vNS_1.json
+ #- Capacity_vGMuxInfra.json
+ #- Capacity_vG_1.json
+ - Distance_vG_1.json
+ - Distance_vGMuxInfra_1.json
+ - hpa_policy_vG_1.json
+ - hpa_policy_vGMuxInfra_1.json
+ - Placement_Optimization_1.json
+ - QueryPolicy_vCPE.json
+ - vnfPolicy_vG.json
+ - vnfPolicy_vGMuxInfra.json
+ placement_policy_dir_vfw: "./test/policy-local-files/"
+ placement_policy_files_vfw: # workaroud for policy platform glitches (or "work-arounds" for other components)
+ #- Capacity_vFW_1.json
+ - Distance_vFW_1.json
+ - hpa_policy_vFW_1.json
+ - Placement_Optimization_1.json
+ - QueryPolicy_vFW.json
+ - vnfPolicy_vFW.json
+ placement_policy_dir_vfw_td: "./test/policy-local-files/"
+ placement_policy_files_vfw_td:
+ - vnfPolicy_vFW_TD.json
+ - vnfPolicy_vPGN_TD.json
+ - affinity_vFW_TD.json
+ - QueryPolicy_vFW_TD.json
+ slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/"
+ slice_selection_policy_files_embb-nst:
+ - query_policy_nsi.json
+ - threshold_policy_nsi.json
+ - vnf_policy_nsi_shared_case.json
+
+service_info:
+ vCPE:
+ vcpeHostName: requestParameters.vcpeHostName
+ e2eVpnKey: requestParameters.e2eVpnKey
+ vFW:
+ vcpeHostName: requestParameters.vcpeHostName
+ e2eVpnKey: requestParameters.e2eVpnKey
+
+references:
+ service_name:
+ source: request
+ value: serviceInfo.serviceName
+ resource:
+ source: request
+ value: placementInfo.placementDemands.resourceModuleName
+ subscriber_role:
+ source: onap.policies.optimization.SubscriberPolicy
+ value: properties.properties.subscriberRole
+ resource_sharing_level:
+ source: request
+ value: serviceProfile.resourceSharingLevel
+ slice_scope:
+ source: request
+ value: slice_scope
+ reuse_preference:
+ source: request
+ value: preferReuse
+
+policy_info:
+ prioritization_attributes:
+ policy_type:
+ - type
+ resources:
+ - properties.resources
+ - properties.objectiveParameter.parameterAttributes.resources
+ service_name:
+ - properties.services
+
+ slice_selection:
+ policy_fetch: by_scope
+ policy_scope:
+ -
+ scope:
+ - get_param: slice_scope
+ services:
+ - get_param: service_name
+ resources:
+ - get_param: service_name
+
+ subnet_selection:
+ policy_fetch: by_scope
+ policy_scope:
+ - scope:
+ - OSDF_GUILIN
+ services:
+ - get_param: service_name
+ resources:
+ - get_param: service_name
+
+ placement:
+ policy_fetch: by_scope
+ policy_scope:
+ -
+ scope:
+ - OSDF_FRANKFURT
+ geography:
+ - US
+ services:
+ - get_param: service_name
+ resources:
+ - get_param: resource
+ # -
+ # - get_param: service_name
+ # - get_param: subscriber_role
+ default: # if no explicit service related information is needed
+ policy_fetch: by_name
+ policy_scope: none
+
+PCI:
+ ML:
+ average_ho_threshold: 10000
+ latest_ho_threshold: 500
+ DES:
+ service_id: ho_metric
+ filter:
+ interval: 10
+ ml_enabled: false
--- /dev/null
+version: 1
+disable_existing_loggers: True
+
+loggers:
+ error:
+ handlers: [error_handler, console_handler]
+ level: "WARN"
+ propagate: True
+ debug:
+ handlers: [debug_handler, console_handler]
+ level: "DEBUG"
+ propagate: True
+ metrics:
+ handlers: [metrics_handler, console_handler]
+ level: "INFO"
+ propagate: True
+ audit:
+ handlers: [audit_handler, console_handler]
+ level: "INFO"
+ propagate: True
+handlers:
+ debug_handler:
+ level: "DEBUG"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/debug.log"
+ formatter: "debugFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ error_handler:
+ level: "WARN"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/error.log"
+ formatter: "errorFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ metrics_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/metrics.log"
+ formatter: "metricsFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ audit_handler:
+ level: "INFO"
+ class: "logging.handlers.TimedRotatingFileHandler"
+ filename: "logs/audit.log"
+ formatter: "auditFormat"
+ when: midnight
+ interval: 1
+ utc: True
+ delay: False
+ backupCount: 10
+ console_handler:
+ level: "DEBUG"
+ class: "logging.StreamHandler"
+ formatter: "metricsFormat"
+
+formatters:
+ standard:
+ format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+ debugFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ errorFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+ |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ auditFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ metricsFormat:
+ format: "%(mdc)s"
+ datefmt: "%Y-%m-%dT%H:%M:%S"
+ mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+ |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+ |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+ |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+ mdcFormat:
+ format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+ (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
--- /dev/null
+placementVersioningEnabled: {{ .Values.config.placementVersioningEnabled }}
+
+# Placement API latest version numbers to be set in HTTP header
+placementMajorVersion: {{ .Values.config.placementMajorVersion }}
+placementMinorVersion: {{ .Values.config.placementMinorVersion }}
+placementPatchVersion: {{ .Values.config.placementPatchVersion }}
+
+# Placement API default version numbers to be set in HTTP header
+placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }}
+placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }}
+placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
+
+# Credentials for Conductor
+conductorUrl: {{ .Values.config.conductorUrl }}
+conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
+conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
+# versions to be set in HTTP header
+conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
+
+# Policy Platform -- requires ClientAuth, Authorization, and Environment
+policyPlatformUrl: {{ .Values.config.policyPlatformUrl }}
+policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
+
+# Credentials for DMaaP
+messageReaderHosts: {{ .Values.config.messageReaderHosts }}
+messageReaderTopic: {{ .Values.config.messageReaderTopic }}
+
+# Credentials for SDC
+sdcUrl: {{ .Values.config.sdcUrl }}
+sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
+
+is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
+aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
+aaf_url: {{ .Values.config.aaf_url }}
+aaf_user_roles:
+ {{- range .Values.config.aaf_user_roles }}
+ - {{ . }}
+ {{- end }}
+
+# Secret Management Service from AAF
+aaf_sms_url: {{ .Values.config.aaf_sms_url }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
+aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
+secret_domain: {{ .Values.config.secret_domain }}
+aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
+
+# config db api
+configDbUrl: {{ .Values.config.configDbUrl }}
+configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
+configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
+
+# AAI api
+aaiUrl: {{ .Values.config.aaiUrl }}
+aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
+aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
+aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
+controllerQueryUrl: {{ .Values.config.controllerQueryUrl }}
+aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
+
+#DES api
+desUrl: {{ .Values.config.desUrl }}
+desApiPath: {{ .Values.config.desApiPath }}
+desHeaders:
+ Accept: application/json
+ Content-Type: application/json
+desUsername: {{ .Values.config.desUsername }}
+desPassword: {{ .Values.config.desPassword }}
+
+#key
+appkey: ''
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
-XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
-REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
-UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
-IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
-HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
-LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
-hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
-AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
-Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
-81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
-ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
-bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
-Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
-b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
-aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
-cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
-cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
-FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
-/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
-7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
-koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
-mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
-GsHFjQ==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
-
-
+++ /dev/null
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
-ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
-CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
-MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
-GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
-KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
-uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
-MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
-SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
-XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
-Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
-0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
-FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
-XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
-8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
-Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
-Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
-nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
-iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
-ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
-MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
-2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
-9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
-vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
-ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
-h+G1ZXD4PyjI6KWhRC3JuA==
------END PRIVATE KEY-----
\ No newline at end of file
+++ /dev/null
-placementVersioningEnabled: {{ .Values.config.placementVersioningEnabled }}
-
-# Placement API latest version numbers to be set in HTTP header
-placementMajorVersion: {{ .Values.config.placementMajorVersion }}
-placementMinorVersion: {{ .Values.config.placementMinorVersion }}
-placementPatchVersion: {{ .Values.config.placementPatchVersion }}
-
-# Placement API default version numbers to be set in HTTP header
-placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }}
-placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }}
-placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
-
-# Credentials for Conductor
-conductorUrl: {{ .Values.config.conductorUrl }}
-conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
-conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
-# versions to be set in HTTP header
-conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
-
-# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: {{ .Values.config.policyPlatformUrl }}
-policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
-
-# Credentials for DMaaP
-messageReaderHosts: {{ .Values.config.messageReaderHosts }}
-messageReaderTopic: {{ .Values.config.messageReaderTopic }}
-
-# Credentials for SDC
-sdcUrl: {{ .Values.config.sdcUrl }}
-sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
-
-is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
-aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
-aaf_url: {{ .Values.config.aaf_url }}
-aaf_user_roles:
- {{- range .Values.config.aaf_user_roles }}
- - {{ . }}
- {{- end }}
-
-# Secret Management Service from AAF
-aaf_sms_url: {{ .Values.config.aaf_sms_url }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
-aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
-secret_domain: {{ .Values.config.secret_domain }}
-aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
-
-# config db api
-configDbUrl: {{ .Values.config.configDbUrl }}
-configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
-configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
-
-#key
-appkey: ''
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- policy-xacml-pdp
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.global.curlImage }}"
+ image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
-
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+ ./osdfapp.sh -x osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-config
+ name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
- - mountPath: /opt/app/ssl_cert/org.onap.oof.crt
- name: {{ include "common.fullname" . }}-config
- subPath: org.onap.oof.crt
- - mountPath: /opt/app/ssl_cert/org.onap.oof.key
- name: {{ include "common.fullname" . }}-config
- subPath: org.onap.oof.key
+ - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
+ - mountPath: /opt/osdf/config/log.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: log.yml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
{{- end }}
volumes:
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
items:
- key: osdf_config.yaml
path: osdf_config.yaml
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
- - key: org.onap.oof.crt
- path: org.onap.oof.crt
- - key: org.onap.oof.key
- path: org.onap.oof.key
+ - key: log.yml
+ path: log.yml
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certs/intermediate_root_ca.pem
+ - resources/config/certs/aaf_root_ca.cer
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/optf-osdf:2.0.4
+image: onap/optf-osdf:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
configDbUrl: http://config.db.url:8080
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
+ #aai api
+ aaiUrl: https://aai:8443
+ aaiGetLinksUrl: /aai/v16/network/logical-links
+ aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
+ aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
+ controllerQueryUrl: /aai/v19/query?format=resource
+ aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
+ #des api
+ desUrl: https://des.url:9000
+ desApiPath: /datalake/v1/exposure/
+ desUsername: ''
+ desPassword: ''
# default number of instances
replicaCount: 1
nodeSelector: {}
affinity: {}
# Resource Limit flavor -By Default using small
flavor: small
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: oof-osdf-cert-initializer
+ fqdn: "oof.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "oof@oof.onap.org"
+ fqi_namespace: org.onap.oof
+ public_fqdn: "oof.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/osdf/osaaf
+ aaf_add_config: >
+ chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
+
# Segregation for Different environment (Small and Large)
resources:
small:
port: 8698
config:
ssl: "redirect"
+
+#component overrides
+
+oof-cmso:
+ enabled: true
+oof-has:
+ enabled: true
+ certSecret: *oof-certs
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
--- /dev/null
+# Copyright © 2018 ZTE
+# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP platform components
+name: platform
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics, Orange, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Cert Service
+name: oom-cert-service
+version: 6.0.0
\ No newline at end of file
--- /dev/null
+CERTS_DIR = resources
+CURRENT_DIR := ${CURDIR}
+DOCKER_CONTAINER = generate-certs
+DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
+
+all: start_docker \
+ clear_all \
+ root_generate_keys \
+ root_create_certificate \
+ root_self_sign_certificate \
+ client_generate_keys \
+ client_generate_csr \
+ client_sign_certificate_by_root \
+ client_import_root_certificate \
+ client_convert_certificate_to_jks \
+ server_generate_keys \
+ server_generate_csr \
+ server_sign_certificate_by_root \
+ server_import_root_certificate \
+ server_convert_certificate_to_jks \
+ server_convert_certificate_to_p12 \
+ clear_unused_files \
+ stop_docker
+
+.PHONY: all
+
+# Starts docker container for generating certificates - deletes first, if already running
+start_docker:
+ @make stop_docker
+ $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+ $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+ $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+ $(eval USERNAME :=$(shell id -u))
+ $(eval GROUP :=$(shell id -g))
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
+
+# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
+stop_docker:
+ docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
+
+#Clear all files related to certificates
+clear_all:
+ @make clear_existing_certificates
+ @make clear_unused_files
+
+#Clear certificates
+clear_existing_certificates:
+ @echo "Clear certificates"
+ ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "#####done#####"
+
+#Generate root private and public keys
+root_generate_keys:
+ @echo "Generate root private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "#####done#####"
+
+#Export public key as certificate
+root_create_certificate:
+ @echo "(Export public key as certificate)"
+ ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+root_self_sign_certificate:
+ @echo "(Self-signed root (import root certificate into truststore))"
+ ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "#####done#####"
+
+#Generate certService's client private and public keys
+client_generate_keys:
+ @echo "Generate certService's client private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "####done####"
+
+#Generate certificate signing request for certService's client
+client_generate_csr:
+ @echo "Generate certificate signing request for certService's client"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "####done####"
+
+#Sign certService's client certificate by root CA
+client_sign_certificate_by_root:
+ @echo "Sign certService's client certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "####done####"
+
+#Import root certificate into client
+client_import_root_certificate:
+ @echo "Import root certificate into intermediate"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService's client
+client_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService's client"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "####done####"
+
+#Generate certService private and public keys
+server_generate_keys:
+ @echo "Generate certService private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "####done####"
+
+#Generate certificate signing request for certService
+server_generate_csr:
+ @echo "Generate certificate signing request for certService"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+ @echo "####done####"
+
+#Sign certService certificate by root CA
+server_sign_certificate_by_root:
+ @echo "Sign certService certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+ @echo "####done####"
+
+#Import root certificate into server
+server_import_root_certificate:
+ @echo "Import root certificate into intermediate(server)"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService
+server_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+ -storepass secret -noprompt
+ @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+server_convert_certificate_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Clear unused certificates
+clear_unused_files:
+ @echo "Clear unused certificates"
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "#####done#####"
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{- if .Values.global.cmpv2Enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ volumes:
+{{- if .Values.global.addTestingComponents }}
+ - name: cmp-servers-template-volume
+ secret:
+ secretName: {{ .Values.cmpServers.secret.name }}
+ - name: {{ .Values.cmpServers.volume.name }}
+ emptyDir:
+ medium: Memory
+{{- else }}
+ - name: {{ .Values.cmpServers.volume.name }}
+ secret:
+ secretName: {{ .Values.cmpServers.secret.name }}
+{{- end }}
+ - name: {{ .Values.tls.server.volume.name }}
+ secret:
+ secretName: {{ .Values.tls.server.secret.name }}
+{{- if .Values.global.addTestingComponents }}
+ initContainers:
+ - name: wait-for-ejbca
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - ejbca-ejbca
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: subsitute-envs
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"]
+ volumeMounts:
+ - name: cmp-servers-template-volume
+ mountPath: /config-input
+ readOnly: true
+ - name: {{ .Values.cmpServers.volume.name }}
+ mountPath: {{ .Values.cmpServers.volume.mountPath }}
+ readOnly: false
+ env:
+ - name: CLIENT_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }}
+ - name: CLIENT_RV
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }}
+ - name: RA_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }}
+ - name: RA_RV
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }}
+{{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: HTTPS_PORT
+ value: "{{ .Values.envs.httpsPort }}"
+ - name: KEYSTORE_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}"
+ - name: KEYSTORE_P12_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}"
+ - name: TRUSTSTORE_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}"
+ - name: ROOT_CERT
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - {{ .Values.liveness.command }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - {{ .Values.readiness.command }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ .Values.cmpServers.volume.name }}
+ mountPath: {{ .Values.cmpServers.volume.mountPath }}
+ readOnly: false
+ - name: {{ .Values.tls.server.volume.name }}
+ mountPath: {{ .Values.tls.server.volume.mountPath }}
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 12 }}
+{{ end -}}
--- /dev/null
+{{/*
+ # Copyright © 2020, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
--- /dev/null
+{{/*# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{- if .Values.global.cmpv2Enabled }}
+{{ include "common.secretFast" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.cmpServers.secret.name }}
+type: Opaque
+data:
+{{ if .Values.global.addTestingComponents }}
+ {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }}
+{{ else }}
+ {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }}
+{{ end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
+type: Opaque
+data:
+ certServiceClient-keystore.jks:
+ {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
+ truststore.jks:
+ {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.server.secret.name }}
+type: Opaque
+data:
+ certServiceServer-keystore.jks:
+ {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
+ certServiceServer-keystore.p12:
+ {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
+ truststore.jks:
+ {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
+ root.crt:
+ {{ (.Files.Glob "resources/root.crt").AsSecrets }}
+{{ end -}}
\ No newline at end of file
--- /dev/null
+{{/*# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+{{- if .Values.global.cmpv2Enabled }}
+ {{ include "common.service" . }}
+{{ end -}}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation, Orange
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Global
+global:
+ nodePortPrefix: 302
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+ offlineDeploymentBuild: false
+
+
+# Service configuration
+service:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8443
+ port_protocol: http
+
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
+
+# Deployment configuration
+repository: "nexus3.onap.org:10001"
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+pullPolicy: Always
+replicaCount: 1
+
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 0.5
+ memory: 1Gi
+ requests:
+ cpu: 0.2
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 0.4
+ memory: 1Gi
+ unlimited: {}
+
+
+# Application configuration
+cmpServers:
+ secret:
+ name: oom-cert-service-secret
+ volume:
+ name: oom-cert-service-volume
+ mountPath: /etc/onap/oom/certservice
+
+tls:
+ server:
+ secret:
+ name: oom-cert-service-server-tls-secret
+ volume:
+ name: oom-cert-service-server-tls-volume
+ mountPath: /etc/onap/oom/certservice/certs/
+ client:
+ secret:
+ defaultName: oom-cert-service-client-tls-secret
+
+envs:
+ keystore:
+ jksName: certServiceServer-keystore.jks
+ p12Name: certServiceServer-keystore.p12
+ truststore:
+ jksName: truststore.jks
+ crtName: root.crt
+ httpsPort: 8443
+
+# External secrets with credentials can be provided to override default credentials defined below,
+# by uncommenting and filling appropriate *ExternalSecret value
+credentials:
+ tls:
+ keystorePassword: secret
+ truststorePassword: secret
+ #keystorePasswordExternalSecret:
+ #truststorePasswordExternalSecret:
+ # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
+ cmp:
+ # Used only if cmpv2 testing is enabled
+ clientIakExternalSecret: '{{ include "common.release" . }}-ejbca-client-iak'
+ #clientRvExternalSecret:
+ raIakExternalSecret: '{{ include "common.release" . }}-ejbca-ra-iak'
+ #raRvExternalSecret:
+ client: {}
+ # iak: mypassword
+ # rv: unused
+ ra: {}
+ # iak: mypassword
+ # rv: unused
+
+secrets:
+ - uid: keystore-password
+ name: '{{ include "common.release" . }}-keystore-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.keystorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ name: '{{ include "common.release" . }}-truststore-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.truststorePassword }}'
+ passwordPolicy: required
+ # Below values are relevant only if global addTestingComponents flag is enabled
+ - uid: ejbca-server-client-iak
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.client.iak }}'
+ - uid: cmp-config-client-rv
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.client.rv }}'
+ - uid: ejbca-server-ra-iak
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.ra.iak }}'
+ - uid: cmp-config-ra-rv
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.ra.rv }}'
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: oom-cert-service
+ version: ~6.x-0
+ repository: 'file://components/oom-cert-service'
\ No newline at end of file
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 AT&T
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+ nodePortPrefix: 302
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+
+ cmpv2Enabled: true
+ addTestingComponents: false
+
+ certService:
+ certServiceClient:
+ secret:
+ name: oom-cert-service-client-tls-secret
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+flavor: small
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 350
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 150
+ periodSeconds: 10
+
+persistence: {}
+
+resources: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE PNDA
-name: pnda
-version: 6.0.0
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP DCAE PNDA Bootstrap
-name: dcae-pnda-bootstrap
-version: 6.0.0
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-infrastructure :
- # infrastructure used for pnda deployment
- # Valid Values are:
- # - aws
- # - openstack
- # - existing-machines
- # - terraform
- INFRASTRUCTURE_TYPE: openstack
-
- # The user name to use when logging into the instances
- # For aws target user-name allowed :
- # Target AWS Openstack
- #
- # Distro Redhat: ec2-user cloud-user
- # CentOS: centos cloud-user
- OS_USER: {{ .Values.pnda.osUser }}
-
- # CIDR specifying the address range for the network containing all PNDA instances
- networkCidr: {{ .Values.pnda.networkCidr }}
-
-openstack_parameters:
- # KEYSTONE_USER: Username for the openstack clients to use
- KEYSTONE_USER: {{ .Values.openstack.keystoneUser }}
-
- # KEYSTONE_PASSWORD: Password for the openstack clients to use
- KEYSTONE_PASSWORD: {{ .Values.openstack.keystonePassword }}
-
- # KEYSTONE_TENANT: Name of the tenant / project in the openstack environment. The
- # PNDA stack will be created in this project.
- KEYSTONE_TENANT: {{ .Values.openstack.keystoneTenant }}
-
- # KEYSTONE_AUTH_URL: Keystone authentication URL. The Openstack console provides this
- # under the Access & Security section.
- KEYSTONE_AUTH_URL: {{ .Values.openstack.keystoneAuthUrl }}
-
- # KEYSTONE_AUTH_VERSION: Keystone authentication version. The Openstack console provides this
- # under the Access & Security section.
- KEYSTONE_AUTH_VERSION: '2'
-
- # KEYSTONE_REGION_NAME: Keystone region. The Openstack console provides this
- # under the Access & Security section.
- KEYSTONE_REGION_NAME: {{ .Values.openstack.keystoneRegion }}
-
- # imageId: Base image to use for the created instances. It should be created by
- # following the guide in https://github.com/pndaproject/pnda-dib-elements
- #
- imageId: {{ .Values.openstack.imageId }}
-
- # CIDR specifying the address range that may access the created PNDA instances
- whitelistSshAccess: {{ .Values.openstack.whitelistSshAccess }}
-
- # UUID of the public network in openstack to use
- externalPublicNetworkId: {{ .Values.openstack.publicNetworkId }}
-
- useExistingNetwork: {{ .Values.openstack.useExistingNetwork }}
-
- existingNetworkId: {{ .Values.openstack.existingNetworkId }}
-
- existingSubnetId: {{ .Values.openstack.existingSubnetId }}
-
- # CIDR specifying the address range for the public subnet (bastion access)
- publicSubnetCidr: {{ .Values.openstack.publicSubnetCidr }}
-
-platform_salt:
- # Use either PLATFORM_GIT_REPO_URI + PLATFORM_GIT_BRANCH or PLATFORM_SALT_LOCAL
- PLATFORM_SALT_LOCAL: /platform-salt
-
-pnda_application_repo:
- # Type of storage to use for PNDA application packages
- # s3 - AWS S3. Also set PNDA_APPS_CONTAINER, PNDA_APPS_FOLDER, PNDA_APPS_REGION, PNDA_APPS_ACCESS_KEY_ID, PNDA_APPS_SECRET_ACCESS_KEY
- # sshfs - standard file system. Also set PR_FS_LOCATION_PATH, PR_SSHFS_USER, PR_SSHFS_HOST, PR_SSHFS_PATH and PR_SSHFS_KEY
- # local - local filesystem on the package repository service server. Also set PR_FS_LOCATION_PATH.
- # swift - Openstack swift. Also set PNDA_APPS_CONTAINER and PNDA_APPS_FOLDER
- PR_FS_TYPE: {{ .Values.pnda.apps.fsType }}
-
- # S3 container to use for PNDA application packages
- PNDA_APPS_CONTAINER: {{ .Values.pnda.apps.s3container }}
-
- # Name of folder within PNDA_APPS_CONTAINER that contains the PNDA application packages
- PNDA_APPS_FOLDER: {{ .Values.pnda.apps.s3folder }}
-
- # AWS region that contains the PNDA_APPS_CONTAINER bucket
- PNDA_APPS_REGION: {{ .Values.pnda.apps.s3region }}
-
- # API key for s3 access to PNDA_APPS_CONTAINER. These keys are stored on the cloud instances so should be restricted
- # only allow access to the PNDA_APPS_CONTAINER bucket
- PNDA_APPS_ACCESS_KEY_ID: {{ .Values.pnda.apps.s3keyid }}
- PNDA_APPS_SECRET_ACCESS_KEY: {{ .Values.pnda.apps.s3secret }}
-
- # Path on file system if PR_FS_TYPE is 'local' or 'sshfs'
- PR_FS_LOCATION_PATH: {{ .Values.pnda.apps.fsLocation | print "/opt/pnda/packages" }}
-
- # SSH accessed file system to use for PNDA application packages
- PR_SSHFS_USER: centos
- PR_SSHFS_HOST: 127.0.0.1
- PR_SSHFS_PATH: /mnt/packages
- PR_SSHFS_KEY: key.pem
-
-pnda_data_archive:
- # S3 container to use for archiving PNDA datasets
- PNDA_ARCHIVE_CONTAINER: pnda-archive
-
- # AWS region that contains the PNDA_ARCHIVE_CONTAINER bucket
- PNDA_ARCHIVE_REGION: eu-west-1
-
- # API key for s3 access to PNDA_ARCHIVE_CONTAINER. These keys are stored on the cloud instances so should be restricted
- # only allow access to the PNDA_ARCHIVE_CONTAINER bucket
- PNDA_ARCHIVE_ACCESS_KEY_ID: xxxx
- PNDA_ARCHIVE_SECRET_ACCESS_KEY: xxxx
-
-ntp:
- # Optional ntp servers. Use this if the standard NTP servers on the Internet cannot be reached
- # and a local NTP server has been configured. PNDA will not work without NTP.
- # example format: 'xxx.ntp.org'
- #For REJECT_OUTBOUND="YES" then NTP server/s must.
- NTP_SERVERS:
- - {{ .Values.pnda.ntp }}
-
-dns:
- # External DNS servers list
- nameServers:
- - {{ .Values.pnda.nameserver }}
-
-mirrors:
- # Mirror of resources required for provisioning PNDA, see PNDA guide for instructions on how to set this up
- PNDA_MIRROR:
-
-hadoop:
- # Hadoop distribution to install
- # Valid values are:
- # - HDP
- # - CDH
- HADOOP_DISTRO: HDP
- # Spark version to enable for oozie (HDP only)
- # Valid values are:
- # - 1
- # - 2
- OOZIE_SPARK_VERSION: 1
-
-connectivity:
- # The IP address of the client that created PNDA
- CLIENT_IP: {{ .Values.pnda.outboundCidr }}
- # Add online repositories for yum, apt-get, pip, etc alongside PNDA mirror
- ADD_ONLINE_REPOS: "YES"
- # RPM Extras repository to enable when ADD_ONLINE_REPOS=YES
- RPM_EXTRAS_REPO_NAME: rhui-REGION-rhel-server-optional
- # RPM Optional repository to enable when ADD_ONLINE_REPOS=YES
- RPM_OPTIONAL_REPO_NAME: rhui-REGION-rhel-server-extras
-
-network_interfaces:
- PNDA_INTERNAL_NETWORK: eth0
- PNDA_INGEST_NETWORK: eth0
-
-cli:
- # Maximum number of outbound connections that the CLI will attempt to open at once
- # Consider increasing this when creating clusters with more than 100 nodes to speed
- # up PNDA creation time.
- MAX_SIMULTANEOUS_OUTBOUND_CONNECTIONS: 100
-
-security:
- # The path were to find the security material (certificate/key).
- # The directory should be structured as defined in this' repo's directory structure with the same name.
- # The security material should conform to the guidelines defined in the README.md file in
- # the containing sub directory.
- SECURITY_MATERIAL_PATH: ./platform-certificates/
-
- # Address of LDAP server
- # All instances will have PAM configured to authenticate with this LDAP server if set
- # Leave blank to disable LDAP-PAM integration
- LDAP_SERVER: ''
-
- # Base DN for LDAP server to use when enabling client PAM integration with LDAP
- LDAP_BASE_DN: dc=nodomain
-
-features:
- # Include experimental features.
- # Set to "NO", omit setting or omit features section entirely to turn off experimental features
- EXPERIMENTAL_FEATURES: "NO"
-
-domain:
- # Top-level domain
- TOP_LEVEL_DOMAIN: pnda.local
-
- # Second-level domain
- SECOND_LEVEL_DOMAIN: dc1
-
-dataset_compaction:
- # Enable/Disable compaction on datasets.
- # "YES" to enable.
- # "NO" to disable.
- COMPACTION: "NO"
- # If compaction is enabled, PATTERN sets the frequency of compaction.
- # H - hourly compaction.
- # d - daily compaction.
- # M - monthly compaction.
- # Y - yearly compaction.
- PATTERN: d
-
-datanode:
- # DATANODE_VOLUME_COUNT sets the number of data volumes on each hadoop datanode
- DATA_VOLUME_COUNT: 1
- # DEVICE_ROOT sets the disk device root name
- DEVICE_ROOT: xvdb
-
-kafka:
- # DATA_DIRS sets the data dirs on kafka node
- KAFKA_DATA_DIRS:
- - /var/kafka-logs
- # DEVICE_ROOT sets the disk device root name
- KAFKA_DEVICE_ROOT: xvdb
-
-generic:
- #GENERIC_DEVICE_ROOT sets the disk device root name for generic instances.
- GENERIC_DEVICE_ROOT: xvdb
+++ /dev/null
-#!/bin/sh
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-# Install PNDA in Openstack with Heat templates
-# Expects:
-# Input files for components to be installed in /inputs
-
-if [ "z{{ .Values.enabled }}" != "ztrue" ]
-then
- echo
- echo "PNDA bootstrap is disabled - skipping pnda-cli launch"
- echo
- exit 0
-fi
-
-set -ex
-
-CLUSTER_PREFIX="{{ include "common.release" . }}-{{ include "common.namespace" . }}-pnda"
-DATANODES="{{ .Values.pnda.dataNodes }}"
-KAFKANODES="{{ .Values.pnda.kafkaNodes }}"
-VERSION="{{ .Values.pnda.version }}"
-KEYPAIR_NAME="{{ .Values.pnda_keypair_name }}"
-KEYFILE="$KEYPAIR_NAME.pem"
-
-cd /pnda-cli
-
-cp /inputs/pnda_env.yaml .
-cp /secrets/pnda.pem $KEYFILE
-chmod 600 $KEYFILE
-
-(cd tools && ./gen-certs.py)
-
-KUBE_API="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT_HTTPS/api/v1"
-KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
-
-for i in 1 2 3 4 5 6 7 8 9
-do
- MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \
- --header "Authorization: Bearer $KUBE_TOKEN" \
- --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP')
- MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
- --header "Authorization: Bearer $KUBE_TOKEN" \
- --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort')
-
- if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then
- PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT"
- break
- fi
- sleep 5
-done
-
-[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; }
-
-sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh
-
-./cli/pnda-cli.py create -e $CLUSTER_PREFIX -f pico -n $DATANODES -k $KAFKANODES \
- -b $VERSION -s $KEYPAIR_NAME --set "mirrors.PNDA_MIRROR=$PNDA_MIRROR"
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-inputs
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/inputs/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-secrets
- namespace: {{ include "common.namespace" . }}
-data:
- pnda.pem: |
-{{ .Values.pnda_secret | indent 4 }}
-
+++ /dev/null
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- completions: 1
- backoffLimit: 0
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - dcae-pnda-mirror
- - "-t"
- - "75"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /inputs
- name: {{ include "common.fullname" . }}-inputs
- - mountPath: /scripts
- name: {{ include "common.fullname" . }}-scripts
- - mountPath: /secrets
- name: {{ include "common.fullname" . }}-secrets
- - mountPath: /pnda-cli/cli/logs
- name: {{ include "common.fullname" . }}-logs
- command:
- - "/scripts/bootstrap.sh"
- volumes:
- - name: {{ include "common.fullname" . }}-inputs
- configMap:
- name: {{ include "common.fullname" . }}-inputs
- - name: {{ include "common.fullname" . }}-scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
- - name: {{ include "common.fullname" . }}-secrets
- configMap:
- name: {{ include "common.fullname" . }}-secrets
- - name: {{ include "common.fullname" . }}-logs
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- storageClassName: manual
- capacity:
- storage: {{ .Values.persistence.size }}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2019 Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# PNDA configuration defaults.
-#################################################################
-
-enabled: false
-
-pnda:
- version: release/5.0
- dataNodes: 2
- kafkaNodes: 1
- osUser: centos
- nameserver: 8.8.8.8
- ntp: pool.ntp.org
- apps:
- fsType: local
- networkCidr: 10.0.0.0/16
- outboundCidr: 0.0.0.0/0
-
-pnda_keypair_name: pnda
-pnda_secret: replace-me
-
-#################################################################
-# Openstack connection params.
-#################################################################
-
-openstack:
- keystoneUser: onap
- keystonePassword: onap
- keystoneTenant: onap
- keystoneAuthUrl: 'http://10.60.18.18:5000/v2.0/'
- keystoneRegion: regionOne
- imageId: id_of_image
- publicNetworkId: id_of_public_network
- useExistingNetwork: true
- existingNetworkId: id_of_onap_network
- existingSubnetId: id_of_onap_subnet
- whitelistSshAccess: 0.0.0.0/0
- publicSubnetCidr: 10.0.0.0/24
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-
-repository: pndareg.ctao6.net
-image: onap/org.onap.dcaegen2.deployments.pnda-bootstrap-container:6.0.0
-pullPolicy: Always
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: dcae-pnda-bootstrap/logs
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP DCAE PNDA Mirror
-name: dcae-pnda-mirror
-version: 6.0.0
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-repository: pndareg.ctao6.net
-image: onap/org.onap.dcaegen2.deployments.pnda-mirror-container:6.0.0
-pullPolicy: Always
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 10
-
-service:
- type: NodePort
- portName: dcae-pnda-mirror
- nodePort: "00"
- externalPort: 80
- internalPort: 80
-
-## Persist data to a persitent volume
-persistence:
- enabled: false
-
-ingress:
- enabled: false
-
-resources: {}
+++ /dev/null
-# ================================================================================
-# Copyright (c) 2018 Cisco Systems. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
.project
.idea/
*.tmproj
+components/
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Policy Administration Point
+description: ONAP Policy
name: policy
version: 6.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy BRMS GW
-name: brmsgw
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-PROPS_BUILD="${POLICY_HOME}/etc/build.info"
-
-PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties"
-PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties"
-
-
-if [ ! -f "${PROPS_BUILD}" ]; then
- echo "error: version information does not exist: ${PROPS_BUILD}"
- exit 1
-fi
-
-source "${POLICY_HOME}/etc/build.info"
-
-if [ -z "${version}" ]; then
- echo "error: no version information present"
- exit 1
-fi
-
-for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do
- if [ ! -f "${CONFIG}" ]; then
- echo "warning: configuration does not exist: ${CONFIG}"
- else
- sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}"
- fi
-done
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# BRMSpep component installation configuration parameters
-BRMSGW_JMX_PORT=9989
-
-COMPONENT_X_MX_MB=1024
-COMPONENT_X_MS_MB=1024
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-M2_HOME=/usr/share/java/maven-3
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryName=Snapshots
-snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryName=Releases
-releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=${REPOSITORY_USERNAME}
-repositoryPassword=${REPOSITORY_PASSWORD}
-UEB_URL=message-router
-UEB_TOPIC=PDPD-CONFIGURATION
-UEB_API_KEY=
-UEB_API_SECRET=
-
-groupID=org.onap.policy-engine
-artifactID=drlPDPGroup
-AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam
-AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules
-
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=brmsgw_1
-node_type=brms_gateway
-
-#Environment should be Set either DEV, TEST or PROD
-ENVIRONMENT=TEST
-
-#Notification Properties... type can be either websocket, ueb, or dmaap
-BRMS_NOTIFICATION_TYPE=websocket
-BRMS_UEB_URL=message-router
-BRMS_UEB_TOPIC=PDPD-CONFIGURATION
-BRMS_UEB_DELAY=
-BRMS_CLIENT_ID=python
-BRMS_CLIENT_KEY=dGVzdA==
-BRMS_UEB_API_KEY=
-BRMS_UEB_API_SECRET=
-
-#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.4
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.6
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-brmsgw
- name: pe-brmsgw-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-brmsgw
- name: pe-brmsgw
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - brmsgw
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- - name: REPOSITORY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
- - name: REPOSITORY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh
- name: pe-brmsgw
- subPath: brmsgw-tweaks.sh
- - mountPath: /tmp/policy-install/config/brmsgw.conf
- name: pe-brmsgw
- subPath: brmsgw.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-brmsgw-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-brmsgw
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
- - uid: nexus-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
- login: '{{ .Values.nexus.repositoryUsername }}'
- password: '{{ .Values.nexus.repositoryPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- papPort: 9091
- pdpPort: 8081
- nexusPort: 8081
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-nexus:
- repositoryUsername: admin
- repositoryPassword: admin123
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: brmsgw
- portName: brmsgw
- externalPort: 9989
- internalPort: 9989
- nodePort: 16
-
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 0.5Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 20m
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Drools Policy Engine
-name: drools
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Nexus
-name: nexus
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command: ["sh", "-c", "chown -R 200:200 /share"]
- image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-init
- volumeMounts:
- - mountPath: /share
- name: nexus-data
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- httpGet:
- path: {{ .Values.readiness.path }}
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /sonatype-work
- name: nexus-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: nexus-data
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- ubuntuInitRepository: oomk8s
- ubuntuInitImage: ubuntu-init:1.0.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: sonatype/nexus:2.14.13-01
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
- path: /nexus/service/local/status
-
-service:
- type: ClusterIP
- name: nexus
- portName: nexus
- externalPort: 8081
- internalPort: 8081
- nodePort: 36
-
-ingress:
- enabled: false
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: nexus/data
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 1m
- memory: 0.5Gi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 2m
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright © 2017-2018 Amdocs, Bell Canada.
-# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM options
-
-JVM_OPTIONS={{.Values.server.jvmOpts}}
-
-# SYSTEM software configuration
-
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap/policy/pdpd
-
-# Telemetry credentials
-
-TELEMETRY_PORT=9696
-TELEMETRY_HOST=0.0.0.0
-
-# nexus repository
-
-SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
-SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
-RELEASE_REPOSITORY_ID=policy-nexus-releases
-RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
-REPOSITORY_OFFLINE={{.Values.nexus.offline}}
-
-# Relational (SQL) DB access
-
-SQL_HOST={{ .Values.global.mariadb.service.name }}
-
-# AAF
-
-AAF={{.Values.aaf.enabled}}
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-# PDP-D DMaaP configuration channel
-
-PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
-PDPD_CONFIGURATION_SERVERS=message-router
-PDPD_CONFIGURATION_CONSUMER_GROUP=
-PDPD_CONFIGURATION_CONSUMER_INSTANCE=
-PDPD_CONFIGURATION_PARTITION_KEY=
-
-# PAP-PDP configuration channel
-
-POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
-POLICY_PDP_PAP_GROUP=defaultGroup
-
-# Symmetric Key for encoded sensitive data
-
-SYMM_KEY=
-
-# PAP
-
-PAP_HOST=policy-pap
-
-# PDP-X
-
-PDP_HOST=policy-xacml-pdp
-PDP_PORT=6969
-PDP_CONTEXT_URI=policy/pdpx/v1/
-GUARD_DISABLED=false
-
-# DCAE DMaaP
-
-DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
-DCAE_SERVERS=message-router
-DCAE_CONSUMER_GROUP=dcae.policy.shared
-
-# Open DMaaP
-
-DMAAP_SERVERS=message-router
-
-# AAI
-
-AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT=8443
-AAI_CONTEXT_URI=
-
-# MSO
-
-SO_HOST=so.{{.Release.Namespace}}
-SO_PORT=8080
-SO_CONTEXT_URI=onap/so/infra/
-SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
-
-# VFC
-
-VFC_HOST=
-VFC_PORT=
-VFC_CONTEXT_URI=api/nslcm/v1/
-
-# SDNC
-
-SDNC_HOST=sdnc.{{.Release.Namespace}}
-SDNC_PORT=8282
-SDNC_CONTEXT_URI=restconf/operations/
-
-# CDS
-
-CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
-CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# feature-healthcheck
-# ================================================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-http.server.services=HEALTHCHECK
-http.server.services.HEALTHCHECK.host=0.0.0.0
-http.server.services.HEALTHCHECK.port=6969
-http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck
-http.server.services.HEALTHCHECK.managed=false
-http.server.services.HEALTHCHECK.swagger=true
-http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER}
-http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD}
-http.server.services.HEALTHCHECK.https=true
-http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
-http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-
-http.client.services=PAP
-
-http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
-http.client.services.PAP.port=9091
-http.client.services.PAP.contextUriPath=pap/test
-http.client.services.PAP.https=true
-http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME}
-http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD}
-
-http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }}
-http.client.services.PDP.port=8081
-http.client.services.PDP.contextUriPath=pdp/test
-http.client.services.PDP.https=true
-http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME}
-http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD}
+++ /dev/null
-# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-POOLING_TOPIC=POOLING
+++ /dev/null
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/metric.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricOut" />\r
- </appender>\r
-\r
- <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpd/audit.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricStdOut" />\r
- </appender>\r
-\r
- <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">\r
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionStdOut" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncMetricOut" />\r
- <appender-ref ref="AsyncTransactionOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- <appender-ref ref="AsyncMetricStdOut" />\r
- <appender-ref ref="AsyncTransactionStdOut" />\r
- </root>\r
-\r
-</configuration>
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-# ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-policy status
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-KEYSTORE_PASSWD={{.Values.keystore.password}}
-TRUSTSTORE_PASSWD={{.Values.truststore.password}}
-
-TELEMETRY_USER={{.Values.telemetry.user}}
-TELEMETRY_PASSWORD={{.Values.telemetry.password}}
-
-REPOSITORY_USERNAME={{.Values.nexus.user}}
-REPOSITORY_PASSWORD={{.Values.nexus.password}}
-
-PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
-PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
-
-POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}}
-POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
-
-PAP_USERNAME={{.Values.pap.user}}
-PAP_PASSWORD={{.Values.pap.password}}
-
-PAP_LEGACY_USERNAME={{.Values.papl.user}}
-PAP_LEGACY_PASSWORD={{.Values.papl.password}}
-
-PDP_USERNAME={{.Values.pdp.user}}
-PDP_PASSWORD={{.Values.pdp.password}}
-
-PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
-PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
-
-AAI_USERNAME={{.Values.aai.user}}
-AAI_PASSWORD={{.Values.aai.password}}
-
-SO_USERNAME={{.Values.so.user}}
-SO_PASSWORD={{.Values.so.password}}
-
-VFC_USERNAME={{.Values.vfc.user}}
-VFC_PASSWORD={{.Values.vfc.password}}
-
-SDNC_USERNAME={{.Values.sdnc.user}}
-SDNC_PASSWORD={{.Values.sdnc.password}}
-
-HEALTHCHECK_USER={{.Values.telemetry.user}}
-HEALTHCHECK_PASSWORD={{.Values.telemetry.password}}
-
-CDS_GRPC_USERNAME={{.Values.cds.grpc.user}}
-CDS_GRPC_PASSWORD={{.Values.cds.grpc.password}}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{ tpl (.Files.Glob "resources/configmaps/*.{conf,sh,properties,xml,keyfile}").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secret" . }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- - --container-name
- - {{ .Values.global.nexus.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: REPLICAS
- value: "{{ .Values.replicaCount }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- - mountPath: /tmp/policy-install/config/{{ base $path }}
- name: drools-secret
- subPath: {{ base $path }}
- {{- end }}
- {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
- - mountPath: /tmp/policy-install/config/{{ base $path }}
- name: drools-config
- subPath: {{ base $path }}
- {{- end }}
- - mountPath: /var/log/onap
- name: policy-logs
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: drools-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
- - key: {{ base $path }}
- path: {{ base $path }}
- mode: 0755
- {{- end }}
- - name: drools-secret
- secret:
- secretName: {{ include "common.fullname" . }}-secret
- items:
- {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- - key: {{ base $path }}
- path: {{ base $path }}
- mode: 0644
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuImage: ubuntu:16.04
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: drools
- portName: drools
- internalPort: 6969
- externalPort: 6969
- nodePort: 17
- internalPort2: 9696
- externalPort2: 9696
- nodePort2: 21
-
-ingress:
- enabled: false
-
-# Default installation values to be overridden
-
-server:
- jvmOpts: -server -XshowSettings:vm
-
-aaf:
- enabled: "false"
-
-keystore:
- password: Pol1cy_0nap
-
-truststore:
- password: Pol1cy_0nap
-
-telemetry:
- user: demo@people.osaaf.org
- password: demo123456!
-
-nexus:
- user: admin
- password: admin123
- port: 8081
- offline: true
-
-db:
- user: policy_user
- password: policy_user
-
-pap:
- user: healthcheck
- password: zb!XztG34
-
-pdp:
- user: healthcheck
- password: zb!XztG34
-
-papl:
- user: testpap
- password: alpha123
-
-pdpl:
- user: testpdp
- password: alpha123
-
-aai:
- user: policy@policy.onap.org
- password: demo123456!
-
-so:
- user: InfraPortalClient
- password: password1$
-
-vfc:
- user:
- password:
-
-sdnc:
- user: admin
- password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-dmaap:
- brmsgw:
- key:
- password:
- pap:
- key:
- password:
-
-cds:
- grpc:
- user: ccsdkapps
- password: ccsdkapps
- svcName: cds-blueprints-processor-grpc
- svcPort: 9111
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 100m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 200m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP Policy Administration (PAP)
-name: pap
-version: 6.0.0
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-{
- "name":"PapGroup",
- "restServerParameters":{
- "host":"0.0.0.0",
- "port":6969,
- "userName":"${RESTSERVER_USER}",
- "password":"${RESTSERVER_PASSWORD}",
- "https": true,
- "aaf": false
- },
- "pdpParameters": {
- "heartBeatMs": 120000,
- "updateParameters": {
- "maxRetryCount": 1,
- "maxWaitMs": 30000
- },
- "stateChangeParameters": {
- "maxRetryCount": 1,
- "maxWaitMs": 30000
- }
- },
- "databaseProviderParameters": {
- "name": "PolicyProviderParameterGroup",
- "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
- "databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
- "databaseUser": "${SQL_USER}",
- "databasePassword": "${SQL_PASSWORD_BASE64}",
- "persistenceUnit": "PolicyMariaDb"
- },
- "topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps": true,
- "fetchTimeout": 15000,
- "topicCommInfrastructure" : "dmaap"
- }],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- },
- {
- "topic" : "POLICY-NOTIFICATION",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- }]
- },
- "healthCheckRestClientParameters":[{
- "clientName": "api",
- "hostname": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}",
- "useHttps": true,
- "basePath": "policy/api/v1/healthcheck"
- },
- {
- "clientName": "distribution",
- "hostname": "policy-distribution",
- "port": 6969,
- "userName": "${DISTRIBUTION_USER}",
- "password": "${DISTRIBUTION_PASSWORD}",
- "useHttps": true,
- "basePath": "healthcheck"
- }]
-}
+++ /dev/null
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pap/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>\r
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-{{- with .Files.Glob "resources/config/*store" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+++ /dev/null
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.mariadb.service.name }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-
- - command:
- - sh
- args:
- - -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: RESTSERVER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- - name: RESTSERVER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
- - name: API_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
- - name: API_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
- - name: DISTRIBUTION_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- - name: DISTRIBUTION_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: papconfig
- - mountPath: /config
- name: papconfig-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
- args: ["/opt/app/policy/pap/etc/mounted/config.json"]
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/policy/pap/etc/mounted
- name: papconfig-processed
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: papconfig
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- defaultMode: 0755
- - name: papconfig-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
-# Modifications Copyright (C) 2020 Bell Canada.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-{{ include "common.service" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
-# Modifications Copyright (C) 2020 Bell Canada.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- persistence: {}
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: restserver-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
- login: '{{ .Values.restServer.user }}'
- password: '{{ .Values.restServer.password }}'
- passwordPolicy: required
- - uid: api-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
- login: '{{ .Values.healthCheckRestClient.api.user }}'
- password: '{{ .Values.healthCheckRestClient.api.password }}'
- passwordPolicy: required
- - uid: distribution-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
- login: '{{ .Values.healthCheckRestClient.distribution.user }}'
- password: '{{ .Values.healthCheckRestClient.distribution.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.3.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
- user: policy_user
- password: policy_user
-restServer:
- user: healthcheck
- password: zb!XztG34
-healthCheckRestClient:
- api:
- user: healthcheck
- password: zb!XztG34
- distribution:
- user: healthcheck
- password: zb!XztG34
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: http-api
-
-readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
- port: http-api
-
-service:
- type: ClusterIP
- name: policy-pap
- useNodePortExt: true
- ports:
- - name: http-api
- port: 6969
- nodePort: 42
-
-ingress:
- enabled: false
-
-resources: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy PDP
-name: pdp
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="true" scanPeriod="3 seconds" debug="true">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pdp-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.error" level="info" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pdp component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9991
-TOMCAT_SHUTDOWN_PORT=8087
-SSL_HTTP_CONNECTOR_PORT=8081
-SSL_AJP_CONNECTOR_PORT=8381
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pdp properties
-
-UEB_CLUSTER=message-router
-
-REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
-REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
-REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
-REST_PDP_REGISTER=true
-REST_PDP_REGISTER_SLEEP=15
-REST_PDP_REGISTER_RETRIES=-1
-REST_PDP_MAXCONTENT=999999999
-
-# PDP related properties
-PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
-PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
-PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
-PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
-
-node_type=pdp_xacml
-resource_name=pdp_1
-dependency_groups=brmsgw_1
-test_via_jmx=true
-
-#
-# Notification Properties
-# Notification type: websocket, ueb or dmaap... if left blank websocket is the default
-PDP_NOTIFICATION_TYPE=websocket
-PDP_UEB_CLUSTER=
-PDP_UEB_TOPIC=
-PDP_UEB_DELAY=
-PDP_UEB_API_KEY=
-PDP_UEB_API_SECRET=
-PDP_DMAAP_AAF_LOGIN=
-PDP_DMAAP_AAF_PASSWORD=
-
-#AAF Policy Name space
-#Required only, when we use AAF
-POLICY_AAF_NAMESPACE=
-POLICY_AAF_RESOURCE=
-
-# Indeterminate resolution
-DECISION_INDETERMINATE_RESPONSE=PERMIT
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9997
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
-LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=pdplp_1
+++ /dev/null
-
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/pdp",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"1"
- },
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
- clusterIP: None
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
- - name: PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_USER_ID
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
- - name: PDP_PAP_PDP_HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/pe
- name: pe-input
- - mountPath: /config-input/pe-pdp
- name: pe-pdp-input
- - mountPath: /config/pe
- name: pe
- - mountPath: /config/pe-pdp
- name: pe-pdp
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.pap.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pdp
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe
- subPath: base.conf
- - mountPath: /tmp/policy-install/config/pdp-tweaks.sh
- name: pe-pdp-input
- subPath: pdp-tweaks.sh
- - mountPath: /tmp/policy-install/config/pdplp.conf
- name: pe-pdp
- subPath: pdplp.conf
- - mountPath: /tmp/policy-install/config/pdp.conf
- name: pe-pdp
- subPath: pdp.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: pe-input
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pdp-input
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe
- emptyDir:
- medium: Memory
- - name: pe-pdp
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: pdp-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
- login: '{{ .Values.pdp.pdphttpuserid }}'
- password: '{{ .Values.pdp.pdphttppassword }}'
- passwordPolicy: required
- - uid: pap-http-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
- login: '{{ .Values.pap.pdppappdphttpuserid }}'
- password: '{{ .Values.pap.pdppappdphttppassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
- user: policy_user
- password: policy_user
-pdp:
- pdphttpuserid: testpdp
- pdphttppassword: alpha123
-pap:
- pdppappdphttpuserid: testpap
- pdppappdphttppassword: alpha123
-
-config:
- papPort: 9091
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: pdp
- portName: pdp
- internalPort: 8081
- externalPort: 8081
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-{
- "name":"OnapPfParameterGroup",
- "restServerParameters": {
- "host": "0.0.0.0",
- "port": 6969,
- "userName": "${RESTSERVER_USER}",
- "password": "${RESTSERVER_PASSWORD}",
- "https": true
- },
- "pdpStatusParameters":{
- "pdpGroup": "defaultGroup",
- "timeIntervalMs": 120000,
- "pdpType":"apex",
- "description":"Pdp Heartbeat",
- "supportedPolicyTypes": [
- {
- "name": "onap.policies.controlloop.operational.Apex",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.native.Apex",
- "version": "1.0.0"
- },
- {
- "name": "onap.policies.controlloop.operational.common.Apex",
- "version": "1.0.0"
- }
- ]
- },
- "topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- }],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- }]
- }
-}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-{
- "javaProperties" : [
- ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
- ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
- ],
- "engineServiceParameters": {
- "name": "MyApexEngine",
- "version": "0.0.1",
- "id": 45,
- "instanceCount": 4,
- "deploymentPort": 12345,
- "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
- "engineParameters": {
- "executorParameters": {
- "JAVASCRIPT": {
- "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
- }
- }
- }
- },
- "eventOutputParameters": {
- "FirstProducer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- },
- "eventInputParameters": {
- "FirstConsumer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- }
-}
+++ /dev/null
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/apex-pdp/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>
\ No newline at end of file
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-{{- with .Files.Glob "resources/config/*store" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
- - name: RESTSERVER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- - name: RESTSERVER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: apexconfig-input
- - mountPath: /config
- name: apexconfig
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- command:
- - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh
- - -c
- - /home/apexuser/config/OnapPfConfig.json
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: REPLICAS
- value: "{{ .Values.replicaCount }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /home/apexuser/config
- name: apexconfig
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: policy-logs
- emptyDir: {}
- - name: apexconfig-input
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- defaultMode: 0755
- - name: apexconfig
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: restserver-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
- login: '{{ .Values.restServer.user }}'
- password: '{{ .Values.restServer.password }}'
- - uid: truststore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}'
- password: '{{ .Values.truststore.password }}'
- policy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.4.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-restServer:
- user: healthcheck
- password: zb!XztG34
-truststore:
- password: Pol1cy_0nap
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: policy-apex-pdp
- portName: policy-apex-pdp
- externalPort: 6969
- internalPort: 6969
- nodePort: 37
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP Policy Design API
-name: policy-api
-version: 6.0.0
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-{
- "name":"ApiGroup",
- "restServerParameters":{
- "host":"0.0.0.0",
- "port":6969,
- "userName":"${RESTSERVER_USER}",
- "password":"${RESTSERVER_PASSWORD}",
- "https": true,
- "aaf": false
- },
- "databaseProviderParameters": {
- "name": "PolicyProviderParameterGroup",
- "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
- "databaseDriver": "org.mariadb.jdbc.Driver",
- "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
- "databaseUser": "${SQL_USER}",
- "databasePassword": "${SQL_PASSWORD_BASE64}",
- "persistenceUnit": "PolicyMariaDb"
- },
- "preloadPolicyTypes": [
- "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
- "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
- "policytypes/onap.policies.Optimization.yaml",
- "policytypes/onap.policies.optimization.Resource.yaml",
- "policytypes/onap.policies.optimization.Service.yaml",
- "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml",
- "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.PciPolicy.yaml",
- "policytypes/onap.policies.optimization.service.QueryPolicy.yaml",
- "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml",
- "policytypes/onap.policies.optimization.resource.Vim_fit.yaml",
- "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml",
- "policytypes/onap.policies.controlloop.guard.Common.yaml",
- "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
- "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
- "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
- "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
- "policytypes/onap.policies.controlloop.Operational.yaml",
- "policytypes/onap.policies.Naming.yaml",
- "policytypes/onap.policies.native.Drools.yaml",
- "policytypes/onap.policies.native.Xacml.yaml",
- "policytypes/onap.policies.native.Apex.yaml",
- "policytypes/onap.policies.controlloop.operational.Common.yaml",
- "policytypes/onap.policies.controlloop.operational.common.Apex.yaml",
- "policytypes/onap.policies.controlloop.operational.common.Drools.yaml"
- ],
- "preloadPolicies" : [
- "policies/sdnc.policy.naming.input.tosca.yaml"
- ]
-}
+++ /dev/null
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/error.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/debug.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/network.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="MetricOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/metric.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncMetricOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="MetricOut" />\r
- </appender>\r
-\r
- <appender name="TransactionOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/api/audit.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncTransactionOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="TransactionOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"\r
- additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty" level="ERROR" />\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncMetricOut" />\r
- <appender-ref ref="AsyncTransactionOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>\r
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-{{- with .Files.Glob "resources/config/*store" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+++ /dev/null
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-
- - command:
- - sh
- args:
- - -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
- - name: RESTSERVER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
- - name: RESTSERVER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
- volumeMounts:
- - mountPath: /config-input
- name: apiconfig
- - mountPath: /config
- name: apiconfig-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/opt/app/policy/api/bin/policy-api.sh"]
- args: ["/opt/app/policy/api/etc/mounted/config.json"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/policy/api/etc/mounted
- name: apiconfig-processed
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: apiconfig
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- defaultMode: 0755
- - name: apiconfig-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 304
- persistence: {}
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: restserver-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
- login: '{{ .Values.restServer.user }}'
- password: '{{ .Values.restServer.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-api:2.3.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-db:
- user: policy_user
- password: policy_user
-restServer:
- user: healthcheck
- password: zb!XztG34
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: policy-api
- portName: policy-api
- externalPort: 6969
- internalPort: 6969
- nodePort: 40
-
-ingress:
- enabled: false
-
-resources: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Policy Common
-name: policy-common
-version: 6.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-JAVA_HOME=/usr/local/openjdk-11
-POLICY_HOME=/opt/app/policy
-POLICY_LOGS=/var/log/onap
-KEYSTORE_PASSWD=Pol1cy_0nap
-TRUSTSTORE_PASSWD=Pol1cy_0nap
-
-JDBC_DRIVER=org.mariadb.jdbc.Driver
-JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30
-
-JDBC_USER=${JDBC_USER}
-JDBC_PASSWORD=${JDBC_PASSWORD}
-
-site_name=site_1
-fp_monitor_interval=30
-failed_counter_threshold=3
-test_trans_interval=20
-write_fpc_interval=5
-max_fpc_update_interval=60
-test_via_jmx=false
-jmx_fqdn=
-
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
-ENVIRONMENT=TEST
-
-#Micro Service Model Properties
-policy_msOnapName=
-policy_msPolicyName=
+++ /dev/null
-#!/bin/bash
-
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Script to configure and start the Policy components that are to run in the designated container,
-# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
-# script just goes into a long sleep so that the script does not exit (which would cause the
-# container to be torn down).
-
-container=$1
-
-case $container in
-pap)
- comps="base pap paplp console mysql elk"
- ;;
-pdp)
- comps="base pdp pdplp"
- ;;
-brmsgw)
- comps="base brmsgw"
- ;;
-*)
- echo "Usage: do-start.sh pap|pdp|brmsgw" >&2
- exit 1
-esac
-
-
-# skip installation if build.info file is present (restarting an existing container)
-if [[ -f /opt/app/policy/etc/build.info ]]; then
- echo "Found existing installation, will not reinstall"
- . /opt/app/policy/etc/profile.d/env.sh
-
-else
- if [[ -d config ]]; then
- cp config/*.conf .
- fi
-
- for comp in $comps; do
- echo "Installing component: $comp"
- ./docker-install.sh --install $comp
- done
- for comp in $comps; do
- echo "Configuring component: $comp"
- ./docker-install.sh --configure $comp
- done
-
- . /opt/app/policy/etc/profile.d/env.sh
-
- # install keystore
- # override the policy keystore and truststore if present
- if [[ -f config/policy-keystore ]]; then
- cp config/policy-keystore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/policy-truststore ]]; then
- cp -f config/policy-truststore $POLICY_HOME/etc/ssl
- fi
-
- if [[ -f config/$container-tweaks.sh ]] ; then
- # file may not be executable; running it as an
- # argument to bash avoids needing execute perms.
- bash config/$container-tweaks.sh
- fi
-
- if [[ $container == pap ]]; then
- # wait for DB up
- # now that DB is up, invoke database upgrade
- # (which does nothing if the db is already up-to-date)
- if [[ -v JDBC_USER ]]; then
- dbuser=${JDBC_USER};
- else
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- fi
-
- if [[ -v JDBC_PASSWORD ]]; then
- dbpw=${JDBC_PASSWORD}
- else
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
- fi
- db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
- fi
-
-fi
-
-policy.sh start
-sleep 1000d
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: <onap-app>
- externalPort: <8080>
- #Example internal target port if required
- #internalPort: <80>
- nodePort: <replace with unused node port suffix eg. 23>
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2020 AT&T Intellectual Property.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-{
- "name":"SDCDistributionGroup",
- "restServerParameters":{
- "host":"0.0.0.0",
- "port":6969,
- "userName":"${RESTSERVER_USER}",
- "password":"${RESTSERVER_PASSWORD}",
- "https":true
- },
- "receptionHandlerParameters":{
- "SDCReceptionHandler":{
- "receptionHandlerType":"SDC",
- "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler",
- "receptionHandlerConfigurationName":"sdcConfiguration",
- "pluginHandlerParameters":{
- "policyDecoders":{
- "ToscaPolicyDecoder":{
- "decoderType":"ToscaPolicyDecoder",
- "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
- "decoderConfigurationName": "toscaPolicyDecoderConfiguration"
- }
- },
- "policyForwarders":{
- "LifeCycleApiForwarder":{
- "forwarderType":"LifeCycleAPI",
- "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
- "forwarderConfigurationName": "lifecycleApiConfiguration"
- }
- }
- }
- }
- },
- "receptionHandlerConfigurationParameters":{
- "sdcConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
- "parameters":{
- "asdcAddress": "sdc-be:8443",
- "messageBusAddress": [
- "message-router"
- ],
- "user": "${SDCBE_USER}",
- "password": "${SDCBE_PASSWORD}",
- "pollingInterval":20,
- "pollingTimeout":30,
- "consumerId": "policy-id",
- "artifactTypes": [
- "TOSCA_CSAR",
- "HEAT"
- ],
- "consumerGroup": "policy-group",
- "environmentName": "AUTO",
- "keystorePath": "null",
- "keystorePassword": "null",
- "activeserverTlsAuth": false,
- "isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": true
- }
- }
- },
- "policyDecoderConfigurationParameters":{
- "toscaPolicyDecoderConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
- "parameters":{
- "policyFileName": "tosca_policy",
- "policyTypeFileName": "tosca_policy_type"
- }
- }
- },
- "policyForwarderConfigurationParameters":{
- "lifecycleApiConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
- "parameters":{
- "apiParameters": {
- "hostName": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}"
- },
- "papParameters": {
- "hostName": "policy-pap",
- "port": 6969,
- "userName": "${PAP_USER}",
- "password": "${PAP_PASSWORD}"
- },
- "isHttps": true,
- "deployPolicies": true
- }
- }
- }
-}
+++ /dev/null
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/error.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/debug.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/distribution/network.log</file>\r
- <rollingPolicy\r
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut"\r
- class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"\r
- additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>
\ No newline at end of file
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-{{- with .Files.Glob "resources/config/*store" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
+++ /dev/null
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: RESTSERVER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- - name: RESTSERVER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
- - name: API_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }}
- - name: API_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }}
- - name: PAP_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }}
- - name: PAP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }}
- - name: SDCBE_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }}
- - name: SDCBE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: distributionconfig-input
- - mountPath: /config
- name: distributionconfig
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
- args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/policy/distribution/etc/mounted
- name: distributionconfig
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: distributionconfig-input
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- defaultMode: 0755
- - name: distributionconfig
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: restserver-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
- login: '{{ .Values.restServer.user }}'
- password: '{{ .Values.restServer.password }}'
- passwordPolicy: required
- - uid: apiparameters-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}'
- login: '{{ .Values.apiParameters.user }}'
- password: '{{ .Values.apiParameters.password }}'
- passwordPolicy: required
- - uid: papparameters-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}'
- login: '{{ .Values.papParameters.user }}'
- password: '{{ .Values.papParameters.password }}'
- passwordPolicy: required
- - uid: sdcbe-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}'
- login: '{{ .Values.sdcBe.user }}'
- password: '{{ .Values.sdcBe.password }}'
- passwordPolicy: required
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.4.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-restServer:
- user: healthcheck
- password: zb!XztG34
-apiParameters:
- user: healthcheck
- password: zb!XztG34
-papParameters:
- user: healthcheck
- password: zb!XztG34
-sdcBe:
- user: policy
- password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: policy-distribution
- portName: policy-distribution
- externalPort: 6969
- internalPort: 6969
-
-ingress:
- enabled: false
-
-resources: {}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-description: ONAP Policy XACML PDP
-name: policy-xacml-pdp
-version: 6.0.0
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-{
- "name": "XacmlPdpParameters",
- "pdpGroup": "defaultGroup",
- "restServerParameters": {
- "host": "0.0.0.0",
- "port": 6969,
- "userName": "${RESTSERVER_USER}",
- "password": "${RESTSERVER_PASSWORD}",
- "https": true,
- "aaf": false
- },
- "policyApiParameters": {
- "host": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}",
- "https": true,
- "aaf": false
- },
- "applicationPath": "/opt/app/policy/pdpx/apps",
- "topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "fetchTimeout" : 15000,
- "topicCommInfrastructure" : "dmaap"
- }],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : true,
- "topicCommInfrastructure" : "dmaap"
- }]
- }
-}
+++ /dev/null
-<!--\r
- ============LICENSE_START=======================================================\r
- Copyright (C) 2020 Bell Canada. All rights reserved.\r
- ================================================================================\r
- Licensed under the Apache License, Version 2.0 (the "License");\r
- you may not use this file except in compliance with the License.\r
- You may obtain a copy of the License at\r
- http://www.apache.org/licenses/LICENSE-2.0\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
- SPDX-License-Identifier: Apache-2.0\r
- ============LICENSE_END=========================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="30 seconds" debug="false">\r
-\r
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/error.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>WARN</level>\r
- </filter>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="ErrorOut" />\r
- </appender>\r
-\r
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/debug.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="DebugOut" />\r
- </appender>\r
-\r
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>/var/log/onap/policy/pdpx/network.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">\r
- <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip\r
- </fileNamePattern>\r
- <maxFileSize>50MB</maxFileSize>\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>10GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="NetworkOut" />\r
- </appender>\r
-\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">\r
- <appender-ref ref="STDOUT" />\r
- </appender>\r
-\r
- <logger name="network" level="INFO" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">\r
- <appender-ref ref="AsyncNetworkOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="AsyncDebugOut" />\r
- <appender-ref ref="AsyncErrorOut" />\r
- <appender-ref ref="AsyncStdOut" />\r
- </root>\r
-\r
-</configuration>
\ No newline at end of file
+++ /dev/null
-#
-# Properties that the embedded PDP engine uses to configure and load
-#
-# Standard API Factories
-#
-xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
-xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
-xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
-xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
-xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
-#
-# AT&T PDP Implementation Factories
-#
-xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
-xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
-xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
-#
-# ONAP PDP Implementation Factories
-#
-xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
-
-#
-# Use a root combining algorithm
-#
-xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
-
-#
-# PIP Engine Definitions
-#
-count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
-count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
-count-recent-operations.name=CountRecentOperations
-count-recent-operations.description=Returns operation counts based on time window
-count-recent-operations.persistenceunit=OperationsHistoryPU
-
-get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
-get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
-get-operation-outcome.name=GetOperationOutcome
-get-operation-outcome.description=Returns operation outcome
-get-operation-outcome.persistenceunit=OperationsHistoryPU
-
-#
-# Make pips available to finder
-#
-xacml.pip.engines=count-recent-operations,get-operation-outcome
-
-#
-# JPA Properties
-#
-javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-{{- with .Files.Glob "resources/config/*store" }}
-binaryData:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
-{{- end }}
-{{- end }}
-data:
-{{ tpl (.Files.Glob "resources/config/*.{json,properties,xml}").AsConfig . | indent 2 }}
+++ /dev/null
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
- - sh
- args:
- - -c
- - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: RESTSERVER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- - name: RESTSERVER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
- - name: API_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- - name: API_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: pdpxconfig
- - mountPath: /config
- name: pdpxconfig-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
- args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/policy/pdpx/etc/mounted
- name: pdpxconfig-processed
- emptyDir:
- medium: Memory
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: pdpxconfig
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- defaultMode: 0755
- - name: pdpxconfig-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- envsubstImage: dibi/envsubst
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
- passwordPolicy: required
- - uid: restserver-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
- login: '{{ .Values.restServer.user }}'
- password: '{{ .Values.restServer.password }}'
- passwordPolicy: required
- - uid: api-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
- login: '{{ .Values.apiServer.user }}'
- password: '{{ .Values.apiServer.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.3.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-
-db:
- user: policy_user
- password: policy_user
-restServer:
- user: healthcheck
- password: zb!XztG34
-apiServer:
- user: healthcheck
- password: zb!XztG34
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 20
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: policy-xacml-pdp
- portName: policy-xacml-pdp
- externalPort: 6969
- internalPort: 6969
-
-ingress:
- enabled: false
-
-resources: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{
+ "name":"OnapPfParameterGroup",
+ "restServerParameters": {
+ "host": "0.0.0.0",
+ "port": 6969,
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
+ "https": true
+ },
+ "pdpStatusParameters":{
+ "pdpGroup": "defaultGroup",
+ "timeIntervalMs": 120000,
+ "pdpType":"apex",
+ "description":"Pdp Heartbeat",
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.native.Apex",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.operational.common.Apex",
+ "version": "1.0.0"
+ }
+ ]
+ },
+ "topicParameterGroup": {
+ "topicSources" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : true,
+ "fetchTimeout": 15000,
+ "topicCommInfrastructure" : "dmaap"
+ }],
+ "topicSinks" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : true,
+ "topicCommInfrastructure" : "dmaap"
+ }]
+ }
+}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "javaProperties" : [
+ ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
+ ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
+ ],
+ "engineServiceParameters": {
+ "name": "MyApexEngine",
+ "version": "0.0.1",
+ "id": 45,
+ "instanceCount": 4,
+ "deploymentPort": 12345,
+ "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
+ "engineParameters": {
+ "executorParameters": {
+ "JAVASCRIPT": {
+ "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
+ }
+ }
+ }
+ },
+ "eventOutputParameters": {
+ "FirstProducer": {
+ "carrierTechnologyParameters": {
+ "carrierTechnology": "FILE",
+ "parameters": {
+ "standardIo": true
+ }
+ },
+ "eventProtocolParameters": {
+ "eventProtocol": "JSON"
+ }
+ }
+ },
+ "eventInputParameters": {
+ "FirstConsumer": {
+ "carrierTechnologyParameters": {
+ "carrierTechnology": "FILE",
+ "parameters": {
+ "standardIo": true
+ }
+ },
+ "eventProtocolParameters": {
+ "eventProtocol": "JSON"
+ }
+ }
+ }
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/apex-pdp/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ sessionAffinity: None
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apexconfig-input
+ - mountPath: /config
+ name: apexconfig
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /var/log/onap
+ name: policy-logs
+ - mountPath: /home/apexuser/config
+ name: apexconfig
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: policy-logs
+ emptyDir: {}
+ - name: apexconfig-input
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: apexconfig
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ - uid: truststore-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-apex-pdp:2.4.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+truststore:
+ password: Pol1cy_0nap
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-apex-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 101
+ gid: 102
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-apex-pdp
+ portName: policy-apex-pdp
+ externalPort: 6969
+ internalPort: 6969
+ nodePort: 37
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Design API
+name: policy-api
+version: 6.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "name":"ApiGroup",
+ "restServerParameters":{
+ "host":"0.0.0.0",
+ "port":6969,
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
+ "https": true,
+ "aaf": false
+ },
+ "databaseProviderParameters": {
+ "name": "PolicyProviderParameterGroup",
+ "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
+ "databaseDriver": "org.mariadb.jdbc.Driver",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD}",
+ "persistenceUnit": "PolicyMariaDb"
+ },
+ "preloadPolicyTypes": [
+ "policytypes/onap.policies.monitoring.tcagen2.yaml",
+ "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
+ "policytypes/onap.policies.Optimization.yaml",
+ "policytypes/onap.policies.optimization.Resource.yaml",
+ "policytypes/onap.policies.optimization.Service.yaml",
+ "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.PciPolicy.yaml",
+ "policytypes/onap.policies.optimization.service.QueryPolicy.yaml",
+ "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.Vim_fit.yaml",
+ "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml",
+ "policytypes/onap.policies.controlloop.guard.Common.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
+ "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
+ "policytypes/onap.policies.Naming.yaml",
+ "policytypes/onap.policies.Match.yaml",
+ "policytypes/onap.policies.native.Drools.yaml",
+ "policytypes/onap.policies.native.Xacml.yaml",
+ "policytypes/onap.policies.native.Apex.yaml",
+ "policytypes/onap.policies.controlloop.operational.Common.yaml",
+ "policytypes/onap.policies.controlloop.operational.common.Apex.yaml",
+ "policytypes/onap.policies.controlloop.operational.common.Drools.yaml"
+ ],
+ "preloadPolicies" : [
+ "policies/sdnc.policy.naming.input.tosca.yaml"
+ ]
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/metric.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/api/audit.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty" level="ERROR" />
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apiconfig
+ - mountPath: /config
+ name: apiconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"]
+{{- else }}
+ command: ["/opt/app/policy/api/bin/policy-api.sh"]
+ args: ["/opt/app/policy/api/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/api/etc/mounted
+ name: apiconfig-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: apiconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: apiconfig-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 304
+ persistence: {}
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-api-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-api:2.3.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-api
+ portName: policy-api
+ externalPort: 6969
+ internalPort: 6969
+ nodePort: 40
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "name":"SDCDistributionGroup",
+ "restServerParameters":{
+ "host":"0.0.0.0",
+ "port":6969,
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
+ "https":true
+ },
+ "receptionHandlerParameters":{
+ "SDCReceptionHandler":{
+ "receptionHandlerType":"SDC",
+ "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler",
+ "receptionHandlerConfigurationName":"sdcConfiguration",
+ "pluginHandlerParameters":{
+ "policyDecoders":{
+ "ToscaPolicyDecoder":{
+ "decoderType":"ToscaPolicyDecoder",
+ "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
+ "decoderConfigurationName": "toscaPolicyDecoderConfiguration"
+ }
+ },
+ "policyForwarders":{
+ "LifeCycleApiForwarder":{
+ "forwarderType":"LifeCycleAPI",
+ "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
+ "forwarderConfigurationName": "lifecycleApiConfiguration"
+ }
+ }
+ }
+ }
+ },
+ "receptionHandlerConfigurationParameters":{
+ "sdcConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
+ "parameters":{
+ "asdcAddress": "sdc-be:8443",
+ "messageBusAddress": [
+ "message-router.{{ include "common.namespace" . }}"
+ ],
+ "user": "${SDCBE_USER}",
+ "password": "${SDCBE_PASSWORD}",
+ "pollingInterval":20,
+ "pollingTimeout":30,
+ "consumerId": "policy-id",
+ "artifactTypes": [
+ "TOSCA_CSAR",
+ "HEAT"
+ ],
+ "consumerGroup": "policy-group",
+ "environmentName": "AUTO",
+ "keystorePath": "null",
+ "keystorePassword": "null",
+ "activeserverTlsAuth": false,
+ "isFilterinEmptyResources": true,
+ "isUseHttpsWithDmaap": true
+ }
+ }
+ },
+ "policyDecoderConfigurationParameters":{
+ "toscaPolicyDecoderConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
+ "parameters":{
+ "policyFileName": "tosca_policy",
+ "policyTypeFileName": "tosca_policy_type"
+ }
+ }
+ },
+ "policyForwarderConfigurationParameters":{
+ "lifecycleApiConfiguration":{
+ "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
+ "parameters":{
+ "apiParameters": {
+ "hostName": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}"
+ },
+ "papParameters": {
+ "hostName": "policy-pap",
+ "port": 6969,
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}"
+ },
+ "isHttps": true,
+ "deployPolicies": true
+ }
+ }
+ }
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/distribution/network.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info"
+ additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 Nordix Foundation.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }}
+ - name: PAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }}
+ - name: PAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }}
+ - name: SDCBE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }}
+ - name: SDCBE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: distributionconfig-input
+ - mountPath: /config
+ name: distributionconfig
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
+{{- else }}
+ command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
+ args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/distribution/etc/mounted
+ name: distributionconfig
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: distributionconfig-input
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: distributionconfig
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: apiparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.apiParameters.user }}'
+ password: '{{ .Values.apiParameters.password }}'
+ passwordPolicy: required
+ - uid: papparameters-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}'
+ login: '{{ .Values.papParameters.user }}'
+ password: '{{ .Values.papParameters.password }}'
+ passwordPolicy: required
+ - uid: sdcbe-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}'
+ login: '{{ .Values.sdcBe.user }}'
+ password: '{{ .Values.sdcBe.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-distribution:2.4.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+apiParameters:
+ user: healthcheck
+ password: zb!XztG34
+papParameters:
+ user: healthcheck
+ password: zb!XztG34
+sdcBe:
+ user: policy
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-distribution-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-distribution
+ portName: policy-distribution
+ externalPort: 6969
+ internalPort: 6969
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017-2018 Amdocs, Bell Canada.
+# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+# JVM options
+
+JVM_OPTIONS={{.Values.server.jvmOpts}}
+
+# SYSTEM software configuration
+
+POLICY_HOME=/opt/app/policy
+POLICY_LOGS=/var/log/onap/policy/pdpd
+
+# Telemetry credentials
+
+TELEMETRY_PORT=9696
+TELEMETRY_HOST=0.0.0.0
+
+# nexus repository
+
+SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+RELEASE_REPOSITORY_ID=policy-nexus-releases
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+REPOSITORY_OFFLINE={{.Values.nexus.offline}}
+
+# Relational (SQL) DB access
+
+SQL_HOST={{ .Values.db.name }}
+
+# AAF
+
+AAF={{.Values.aaf.enabled}}
+AAF_NAMESPACE=org.onap.policy
+AAF_HOST=aaf-locate.{{.Release.Namespace}}
+
+# PDP-D DMaaP configuration channel
+
+PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
+PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_CONSUMER_GROUP=
+PDPD_CONFIGURATION_CONSUMER_INSTANCE=
+PDPD_CONFIGURATION_PARTITION_KEY=
+
+# PAP-PDP configuration channel
+
+POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_GROUP=defaultGroup
+POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
+
+# Symmetric Key for encoded sensitive data
+
+SYMM_KEY=
+
+# PAP
+
+PAP_HOST=policy-pap
+
+# PDP-X
+
+PDP_HOST=policy-xacml-pdp
+PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1/
+GUARD_DISABLED=false
+
+# DCAE DMaaP
+
+DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
+DCAE_SERVERS=message-router
+DCAE_CONSUMER_GROUP=dcae.policy.shared
+
+# Open DMaaP
+
+DMAAP_SERVERS=message-router
+
+# AAI
+
+AAI_HOST=aai.{{.Release.Namespace}}
+AAI_PORT=8443
+AAI_CONTEXT_URI=
+
+# MSO
+
+SO_HOST=so.{{.Release.Namespace}}
+SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra/
+SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
+
+# VFC
+
+VFC_HOST=
+VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1/
+
+# SDNC
+
+SDNC_HOST=sdnc.{{.Release.Namespace}}
+SDNC_PORT=8282
+SDNC_CONTEXT_URI=restconf/operations/
+
+# CDS
+
+CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
+CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
--- /dev/null
+{{/*
+# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+POOLING_TOPIC=POOLING
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/metric.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricStdOut" />
+ </appender>
+
+ <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionStdOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="AsyncMetricStdOut" />
+ <appender-ref ref="AsyncTransactionStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if not .Values.global.aafEnabled }}
+KEYSTORE_PASSWD={{.Values.keystore.password}}
+{{- end }}
+
+TRUSTSTORE_PASSWD={{.Values.truststore.password}}
+
+TELEMETRY_USER={{.Values.telemetry.user}}
+TELEMETRY_PASSWORD={{.Values.telemetry.password}}
+
+REPOSITORY_USERNAME={{.Values.nexus.user}}
+REPOSITORY_PASSWORD={{.Values.nexus.password}}
+
+PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
+PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
+
+POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}}
+POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
+
+PAP_USERNAME={{.Values.pap.user}}
+PAP_PASSWORD={{.Values.pap.password}}
+
+PAP_LEGACY_USERNAME={{.Values.papl.user}}
+PAP_LEGACY_PASSWORD={{.Values.papl.password}}
+
+PDP_USERNAME={{.Values.pdp.user}}
+PDP_PASSWORD={{.Values.pdp.password}}
+
+PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
+PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
+
+AAI_USERNAME={{.Values.aai.user}}
+AAI_PASSWORD={{.Values.aai.password}}
+
+SO_USERNAME={{.Values.so.user}}
+SO_PASSWORD={{.Values.so.password}}
+
+VFC_USERNAME={{.Values.vfc.user}}
+VFC_PASSWORD={{.Values.vfc.password}}
+
+SDNC_USERNAME={{.Values.sdnc.user}}
+SDNC_PASSWORD={{.Values.sdnc.password}}
+
+HEALTHCHECK_USER={{.Values.telemetry.user}}
+HEALTHCHECK_PASSWORD={{.Values.telemetry.password}}
+
+CDS_GRPC_USERNAME={{.Values.cds.grpc.user}}
+CDS_GRPC_PASSWORD={{.Values.cds.grpc.password}}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/configmaps/*.{conf,sh,properties,xml,keyfile}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-readiness
+{{- if not .Values.nexus.offline }}
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.nexus.name }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+ source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ - containerPort: {{ .Values.service.externalPort2 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
+ name: drools-secret
+ subPath: {{ base $path }}
+ {{- end }}
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - mountPath: /tmp/policy-install/config/{{ base $path }}
+ name: drools-config
+ subPath: {{ base $path }}
+ {{- end }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: drools-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
+ mode: 0755
+ {{- end }}
+ - name: drools-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-secret
+ items:
+ {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ - key: {{ base $path }}
+ path: {{ base $path }}
+ mode: 0644
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ ubuntuImage: ubuntu:16.04
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-pdpd-cl:1.7.5
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-drools-pdp
+ portName: policy-drools-pdp
+ internalPort: 6969
+ externalPort: 6969
+ nodePort: 17
+ internalPort2: 9696
+ externalPort2: 9696
+ nodePort2: 21
+
+ingress:
+ enabled: false
+
+# Default installation values to be overridden
+
+certInitializer:
+ nameOverride: policy-drools-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 1000
+ gid: 1000
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+server:
+ jvmOpts: -server -XshowSettings:vm
+
+aaf:
+ enabled: "false"
+
+keystore:
+ password: Pol1cy_0nap
+
+truststore:
+ password: Pol1cy_0nap
+
+telemetry:
+ user: demo@people.osaaf.org
+ password: demo123456!
+
+nexus:
+ name: policy-nexus
+ port: 8081
+ user: admin
+ password: admin123
+ offline: true
+
+db:
+ name: policy-mariadb
+ user: policy_user
+ password: policy_user
+
+pap:
+ user: healthcheck
+ password: zb!XztG34
+
+pdp:
+ user: healthcheck
+ password: zb!XztG34
+
+papl:
+ user: testpap
+ password: alpha123
+
+pdpl:
+ user: testpdp
+ password: alpha123
+
+aai:
+ user: policy@policy.onap.org
+ password: demo123456!
+
+so:
+ user: InfraPortalClient
+ password: password1$
+
+vfc:
+ user:
+ password:
+
+sdnc:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+dmaap:
+ brmsgw:
+ key:
+ password:
+ pap:
+ key:
+ password:
+
+cds:
+ grpc:
+ user: ccsdkapps
+ password: ccsdkapps
+ svcName: cds-blueprints-processor-grpc
+ svcPort: 9111
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Policy Nexus
+name: policy-nexus
+version: 6.0.0
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command: ["sh", "-c", "chown -R 200:200 /share"]
+ image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-init
+ volumeMounts:
+ - mountPath: /share
+ name: nexus-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.service.externalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /sonatype-work
+ name: nexus-data
+ resources:
+{{- if eq .Values.resources.flavor "large" }}
+{{ toYaml .Values.resources.large | indent 12 }}
+{{- else }}
+{{ toYaml .Values.resources.small | indent 12 }}
+{{- end -}}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: nexus-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ ubuntuInitRepository: oomk8s
+ ubuntuInitImage: ubuntu-init:1.0.0
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: sonatype/nexus:2.14.13-01
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ path: /nexus/service/local/status
+
+service:
+ type: ClusterIP
+ name: policy-nexus
+ portName: policy-nexus
+ externalPort: 8081
+ internalPort: 8081
+ nodePort: 36
+
+ingress:
+ enabled: false
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: policy/nexus/data
+
+# Segregation for Different environment (Small and Large)
+# Resource Limit flavor - By Default using small
+resources:
+ flavor: small
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1m
+ memory: 0.5Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2m
+ memory: 1Gi
+ unlimited: {}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Administration (PAP)
+name: policy-pap
+version: 6.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# Modified Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "name":"PapGroup",
+ "restServerParameters":{
+ "host":"0.0.0.0",
+ "port":6969,
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
+ "https": true,
+ "aaf": false
+ },
+ "pdpParameters": {
+ "heartBeatMs": 120000,
+ "updateParameters": {
+ "maxRetryCount": 1,
+ "maxWaitMs": 30000
+ },
+ "stateChangeParameters": {
+ "maxRetryCount": 1,
+ "maxWaitMs": 30000
+ }
+ },
+ "databaseProviderParameters": {
+ "name": "PolicyProviderParameterGroup",
+ "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
+ "databaseDriver": "org.mariadb.jdbc.Driver",
+ "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD}",
+ "persistenceUnit": "PolicyMariaDb"
+ },
+ "topicParameterGroup": {
+ "topicSources" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps": true,
+ "fetchTimeout": 15000,
+ "topicCommInfrastructure" : "dmaap"
+ }],
+ "topicSinks" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : true,
+ "topicCommInfrastructure" : "dmaap"
+ },
+ {
+ "topic" : "POLICY-NOTIFICATION",
+ "servers" : [ "message-router" ],
+ "useHttps" : true,
+ "topicCommInfrastructure" : "dmaap"
+ }]
+ },
+ "healthCheckRestClientParameters":[{
+ "clientName": "api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": true,
+ "basePath": "policy/api/v1/healthcheck"
+ },
+ {
+ "clientName": "distribution",
+ "hostname": "policy-distribution",
+ "port": 6969,
+ "userName": "${DISTRIBUTION_USER}",
+ "password": "${DISTRIBUTION_PASSWORD}",
+ "useHttps": true,
+ "basePath": "healthcheck"
+ }]
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 Nordix Foundation. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
+ - name: DISTRIBUTION_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
+ - name: DISTRIBUTION_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: papconfig
+ - mountPath: /config
+ name: papconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"]
+{{- else }}
+ command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
+ args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/pap/etc/mounted
+ name: papconfig-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: papconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: papconfig-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2020 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019 Nordix Foundation.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2020 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.api.user }}'
+ password: '{{ .Values.healthCheckRestClient.api.password }}'
+ passwordPolicy: required
+ - uid: distribution-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.distribution.user }}'
+ password: '{{ .Values.healthCheckRestClient.distribution.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-pap-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-pap:2.3.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+
+healthCheckRestClient:
+ api:
+ user: healthcheck
+ password: zb!XztG34
+ distribution:
+ user: healthcheck
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-pap
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 6969
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy XACML PDP (PDP-X)
+name: policy-xacml-pdp
+version: 6.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+{
+ "name": "XacmlPdpParameters",
+ "pdpGroup": "defaultGroup",
+ "restServerParameters": {
+ "host": "0.0.0.0",
+ "port": 6969,
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
+ "https": true,
+ "aaf": false
+ },
+ "policyApiParameters": {
+ "host": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "https": true,
+ "aaf": false
+ },
+ "applicationPath": "/opt/app/policy/pdpx/apps",
+ "topicParameterGroup": {
+ "topicSources" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : true,
+ "fetchTimeout" : 15000,
+ "topicCommInfrastructure" : "dmaap"
+ }],
+ "topicSinks" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : true,
+ "topicCommInfrastructure" : "dmaap"
+ }]
+ }
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+*/}}
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# PIP Engine Definitions
+#
+count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
+count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
+count-recent-operations.name=CountRecentOperations
+count-recent-operations.description=Returns operation counts based on time window
+count-recent-operations.persistenceunit=OperationsHistoryPU
+
+get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
+get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
+get-operation-outcome.name=GetOperationOutcome
+get-operation-outcome.description=Returns operation outcome
+get-operation-outcome.persistenceunit=OperationsHistoryPU
+
+#
+# Make pips available to finder
+#
+xacml.pip.engines=count-recent-operations,get-operation-outcome
+
+#
+# JPA Properties
+#
+javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,properties,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }}
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: pdpxconfig
+ - mountPath: /config
+ name: pdpxconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["bash","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
+{{- else }}
+ command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
+ args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/pdpx/etc/mounted
+ name: pdpxconfig-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: pdpxconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ readinessImage: onap/oom/readiness:3.0.1
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
+ login: '{{ .Values.apiServer.user }}'
+ password: '{{ .Values.apiServer.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-xacml-pdp-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass
+ {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12");
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/policy-xacml-pdp:2.3.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+
+apiServer:
+ user: healthcheck
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-xacml-pdp
+ portName: policy-xacml-pdp
+ externalPort: 6969
+ internalPort: 6969
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dependencies:
- name: common
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: policy-nexus
+ version: ~6.x-0
+ repository: 'file://components/policy-nexus'
+ condition: policy-nexus.enabled
+ - name: policy-api
+ version: ~6.x-0
+ repository: 'file://components/policy-api'
+ condition: policy-api.enabled
+ - name: policy-pap
+ version: ~6.x-0
+ repository: 'file://components/policy-pap'
+ condition: policy-pap.enabled
+ - name: policy-xacml-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-xacml-pdp'
+ condition: policy-xacml-pdp.enabled
+ - name: policy-apex-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-apex-pdp'
+ condition: policy-apex-pdp.enabled
+ - name: policy-drools-pdp
+ version: ~6.x-0
+ repository: 'file://components/policy-drools-pdp'
+ condition: policy-drools-pdp.enabled
+ - name: policy-distribution
+ version: ~6.x-0
+ repository: 'file://components/policy-distribution'
+ condition: policy-distribution.enabled
+#!/bin/bash -x
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-#!/bin/bash -xv
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--
- Logback files for the ECOMP SDK Application "ecomp_app"
- are created in directory ${catalina.base}/logs/ecomp_app;
- e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log
- -->
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="ep_sdk_app" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="generalLogName" value="application" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!--
- These loggers are not used in code (yet).
- <property name="securityLogName" value="security" />
- <property name="policyLogName" value="policy" />
- <property name="performanceLogName" value="performance" />
- <property name="serverLogName" value="server" />
- -->
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" />
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF">
- <queueSize>${queueSize}</queueSize>
- <!-- Class name is part of caller data -->
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- daily rollover -->
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
- <!--<jmxConfigurator /> -->
- <!-- specify the base path of the log directory -->
- <property name="logDir" value="/var/log/onap" />
- <!-- specify the component name -->
- <property name="componentName" value="policy" />
- <!-- specify the sub component name -->
- <property name="subComponentName" value="xacml-pap-rest" />
- <!-- The directories where logs are written -->
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
- <!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <!-- Example evaluator filter applied against console appender -->
- <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- </appender>
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger additivity="false" level="info" name="com.att.eelf.audit">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.metrics">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger additivity="false" level="info" name="com.att.eelf.error">
- <appender-ref ref="asyncEELFError" />
- </logger>
- <logger additivity="false" level="debug" name="com.att.eelf.debug">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
- <root level="INFO">
- <appender-ref ref="asyncEELFDebug" />
- </root>
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# configs component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9993
-TOMCAT_SHUTDOWN_PORT=8090
-SSL_HTTP_CONNECTOR_PORT=8443
-SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443
-SSL_AJP_CONNECTOR_PORT=8383
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=2048
-TOMCAT_X_MX_MB=2048
-
-# ------------------ console properties ---------------------------
-
-#
-# Authorization Policy
-
-ROOT_POLICIES=admin
-ADMIN_FILE=Policy-Admin.xml
-
-
-# Set your domain here:
-
-REST_ADMIN_DOMAIN=com
-
-#
-# Location where the GIT repository is located
-#
-REST_ADMIN_REPOSITORY=repository
-
-#
-# Location where all the user workspaces are located.
-#
-REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace
-
-#
-# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
-# container and setup authentication as you please. Setting HttpSession attribute values will override these
-# values set in the properties files.
-#
-# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
-#
-# The default policy: Policy-Admin.xml is extremely simple.
-#
-# You can test authorization within the Admin Console by changing the user id.
-# There are 3 supported user ids:
-# guest - Read only access
-# editor - Read/Write access
-# admin - Read/Write/Admin access
-#
-# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
-#
-# This is for development/demonstration purposes only. A production environment should provide authentication which is
-# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
-# within this application.
-#
-
-REST_ADMIN_USER_NAME=Administrator
-REST_ADMIN_USER_ID=super-admin
-
-#
-#
-# Property to declare the max time frame for logs.
-#
-LOG_TIMEFRAME=30
-
-# Property to declare the number of visible rows for users in MicroService Policy
-COLUMN_COUNT=3
-
-# Dashboard refresh rate in miliseconds
-REFRESH_RATE=40000
-
-#
-# URL location for the PAP servlet.
-#
-
-
-REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/
-
-#
-# Config/Action Properties location.
-#
-
-REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/
-REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/
-REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/
-REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/
-
-# PAP account information
-CONSOLE_PAP_HTTP_USER_ID=testpap
-CONSOLE_PAP_HTTP_PASSWORD=alpha123
-
-
-node_type=pap_admin
-resource_name=console_1
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
-
-#Automatic Policy Distribution
-automatic_push=false
-
-#Diff of policies for Firewall feature
-FW_GETURL=
-FW_AUTHOURL=
-FW_PROXY=
-FW_PORT=
-
-#SMTP Server Details for Java Mail
-onap_smtp_host=
-onap_smtp_port=25
-onap_smtp_userName=
-onap_smtp_password=
-onap_smtp_emailExtension=
-onap_application_name=
-
-#-----------------------ONAP-PORTAL-Properties----------------------
-
-ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi
-ONAP_UEB_URL_LIST=
-ONAP_PORTAL_INBOX_NAME=
-ONAP_UEB_APP_KEY=ueb_key_5
-ONAP_UEB_APP_SECRET=ueb_key_5
-ONAP_UEB_APP_MAILBOX_NAME=
-APP_DISPLAY_NAME=ONAP Policy
-ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# elasticsearch
-
-ELK_JMX_PORT=9995
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# mysql scripts component installation configuration parameters
-
-# Path to mysql bin
-MYSQL_BIN=/usr/local/mysql/bin
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# pap component installation configuration parameters
-
-# tomcat specific parameters
-
-TOMCAT_JMX_PORT=9990
-TOMCAT_SHUTDOWN_PORT=9405
-SSL_HTTP_CONNECTOR_PORT=9091
-SSL_AJP_CONNECTOR_PORT=8380
-SSL_AJP_CONNECTOR_REDIRECT_PORT=8443
-
-TOMCAT_X_MS_MB=1024
-TOMCAT_X_MX_MB=1024
-
-# pap properties
-
-PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps
-PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-
-PAP_INITIATE_PDP=true
-PAP_HEARTBEAT_INTERVAL=10000
-PAP_HEARTBEAT_TIMEOUT=10000
-
-REST_ADMIN_DOMAIN=com
-REST_ADMIN_REPOSITORY=repository
-REST_ADMIN_WORKSPACE=workspace
-
-# PDP related properties
-PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/
-PAP_PDP_HTTP_USER_ID=testpdp
-PAP_PDP_HTTP_PASSWORD=alpha123
-
-PAP_HTTP_USER_ID=testpap
-PAP_HTTP_PASSWORD=alpha123
-
-#new values added 10-21-2015
-PROP_PAP_TRANS_WAIT=500000
-PROP_PAP_TRANS_TIMEOUT=5000
-PROP_PAP_AUDIT_TIMEOUT=300000
-PROP_PAP_RUN_AUDIT_FLAG=true
-PROP_PAP_AUDIT_FLAG=true
-
-PROP_PAP_INCOMINGNOTIFICATION_TRIES=4
-
-
-node_type=pap
-resource_name=pap_1
-dependency_groups=paplp_1
-test_via_jmx=true
-
-# The (optional) period of time in seconds between executions of the integrity audit.
-# Value < 0 : Audit does not run (default value if property is not present = -1)
-# Value = 0 : Audit runs continuously
-# Value > 0 : The period of time in seconds between execution of the audit on a particular node
-integrity_audit_period_seconds=-1
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# JVM specific parameters
-LOGPARSER_JMX_PORT=9996
-LOGPARSER_X_MS_MB=1024
-LOGPARSER_X_MX_MB=1024
-
-SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/
-LOGPATH=/var/log/onap/policy/pap/pap-rest.log
-PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log
-
-node_type=logparser
-# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase
-resource_name=paplp_1
+++ /dev/null
-# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-pe-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }}
----
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-db-configmap
namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: JDBC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: JDBC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: pe
- - mountPath: /config
- name: pe-processed
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.release" . }}-galera-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /bin/bash
- - ./do-start.sh
- - pap
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PRELOAD_POLICIES
- value: "{{ .Values.config.preloadPolicies }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /tmp/policy-install/config/pap-tweaks.sh
- name: pe-pap
- subPath: pap-tweaks.sh
- - mountPath: /tmp/policy-install/config/paplp.conf
- name: pe-pap
- subPath: paplp.conf
- - mountPath: /tmp/policy-install/config/pap.conf
- name: pe-pap
- subPath: pap.conf
- - mountPath: /tmp/policy-install/config/mysql.conf
- name: pe-pap
- subPath: mysql.conf
- - mountPath: /tmp/policy-install/config/elk.conf
- name: pe-pap
- subPath: elk.conf
- - mountPath: /tmp/policy-install/config/console.conf
- name: pe-pap
- subPath: console.conf
- - mountPath: /tmp/policy-install/config/base.conf
- name: pe-processed
- subPath: base.conf
- - mountPath: /tmp/policy-install/do-start.sh
- name: pe-scripts
- subPath: do-start.sh
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /tmp/policy-install/logback.xml
- name: policy-sdk-logback
- subPath: logback.xml
- - mountPath: /tmp/logback.xml
- name: policy-logback
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /usr/share/filebeat/data
- name: policy-data-filebeat
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-filebeat-configmap
- - name: policy-logs
- emptyDir: {}
- - name: policy-data-filebeat
- emptyDir: {}
- - name: policy-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- - name: policy-sdk-logback
- configMap:
- name: {{ include "common.fullname" . }}-sdk-log-configmap
- - name: pe
- configMap:
- name: {{ include "common.release" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-scripts
- configMap:
- name: {{ include "common.release" . }}-pe-scripts-configmap
- defaultMode: 0777
- - name: pe-pap
- configMap:
- name: {{ include "common.fullname" . }}-pe-configmap
- defaultMode: 0755
- - name: pe-processed
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.release" . }}-galera-config
+ name: {{ include "common.release" . }}-policy-galera-config
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}-job
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
- --container-name
- {{ index .Values "mariadb-galera" "service" "name" }}
env:
apiVersion: v1
fieldPath: metadata.namespace
containers:
- - name: {{ include "common.release" . }}-galera-config
+ - name: {{ include "common.release" . }}-policy-galera-config
image: {{ .Values.mariadb_image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+ resources:
+{{ include "common.resources" . }}
restartPolicy: Never
volumes:
- name: {{ include "common.fullname" . }}-config
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T
+# Modifications Copyright © 2018-2020 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- envsubstImage: dibi/envsubst
- ubuntuImage: ubuntu:16.04
- pdp:
- nameOverride: pdp
- pap:
- nameOverride: pap
- drools:
- nameOverride: drools
- brmwgw:
- nameOverride: brmsgw
- nexus:
- nameOverride: nexus
+ readinessImage: onap/oom/readiness:3.0.1
+ aafEnabled: true
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
passwordPolicy: generate
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
-mariadb_image: library/mariadb:10
-pullPolicy: Always
-
-subChartsOnly:
- enabled: true
-
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
-pap:
- nameOverride: pap
+policy-api:
+ enabled: true
db: *dbSecretsHook
-pdp:
- nameOverride: pdp
+policy-pap:
+ enabled: true
db: *dbSecretsHook
-drools:
- nameOverride: drools
+policy-xacml-pdp:
+ enabled: true
db: *dbSecretsHook
-brmsgw:
- nameOverride: brmsgw
+policy-apex-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-api:
+policy-drools-pdp:
+ enabled: true
db: *dbSecretsHook
-policy-xacml-pdp:
+policy-distribution:
+ enabled: true
db: *dbSecretsHook
+policy-nexus:
+ enabled: false
-nexus:
- nameOverride: nexus
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+repository: nexus3.onap.org:10001
+mariadb_image: library/mariadb:10
+pullPolicy: Always
+
+subChartsOnly:
+ enabled: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- preloadPolicies: false
- pdpPort: 8081
-
# default number of instances
replicaCount: 1
initialDelaySeconds: 10
periodSeconds: 10
-service:
- type: NodePort
- name: pap
- portName: pap
- internalPort: 8443
- externalPort: 8443
- nodePort: 19
- internalPort2: 9091
- externalPort2: 9091
- nodePort2: 18
-
-ingress:
- enabled: false
- service:
- - baseaddr: "policy.api"
- name: "pap"
- port: 8443
- config:
- ssl: "redirect"
-
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
config:
lower_case_table_names = 1
# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
flavor: small
-# Segregation for Different environment (Small and Large)
resources:
small:
limits:
cpu: 1
memory: 4Gi
requests:
- cpu: 10m
+ cpu: 100m
memory: 1Gi
large:
limits:
cpu: 2
memory: 8Gi
requests:
- cpu: 20m
+ cpu: 200m
memory: 2Gi
unlimited: {}
+
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-spring.jersey.type=filter
-spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
-
-server.contextPath=/aaicontextbuilder
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
-#tomcat.connector.attributes=allowTrace-true
-#The max number of active threads in this pool
-server.tomcat.max-threads=200
-#The minimum number of threads always kept alive
-server.tomcat.min-spare-threads=25
-
-# AAI REST Client Configuration
-aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
-aai.servicePort={{ .Values.config.aaiPort }}
-# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
-aai.authentication=basic_auth
-aai.trustStorePath=n/a
-aai.keyStorePath=n/a
-aai.keyStorePassword=n/a
-aai.username={{ .Values.config.aaiUsername }}
-aai.password={{ .Values.config.aaiPassword }}
-aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
-aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
-aai.readTimeout={{ .Values.config.aaiReadTimeout }}
-
-# HTTP Basic Authorization credentials for Rest Service API
-http.userId={{ .Values.config.httpUserId }}
-http.password={{ .Values.config.httpPassword }}
-
-aai.searchNodeQuery=/aai/v13/nodes/service-instance/{0}
-
-#Servlet context parameters
-server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
- readOnly: false
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - name: {{ include "common.fullname" . }}-logs-eelf
- mountPath: /opt/app/logs/EELF
- readOnly: false
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
-
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs-eelf
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/pomba-aai-context-builder:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- aaiServiceName: aai
- aaiPort: 8443
- aaiUsername: AAI
- aaiPassword: OBF:1gfr1ev31gg7
- aaiHttpProtocol: https
- aaiConnectionTimeout: 60000
- aaiReadTimeout: 60000
- # HTTP Basic Authorization credentials for Rest Service API
- httpUserId: admin
- httpPassword: OBF:1u2a1toa1w8v1tok1u30
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9530
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 100m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 200m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-server.port=9529
-server.ssl.key-store=/auth/tomcat_keystore
-server.ssl.key-store-password=onapSecret
-server.ssl.key-password=onapSecret
-
-builders.properties.path=config/builders/
-
-# Transport Configuration
-transport.consume.host=message-router
-transport.consume.port=3904
-transport.consume.topic=POA-AUDIT-INIT
-transport.consume.motsid=motsid@motsid.com
-transport.consume.pass=1234
-transport.consume.consumergroup=audit1
-transport.consume.consumerid=audit1
-transport.consume.timeout=15000
-transport.consume.batchsize=8
-transport.consume.type=HTTPAUTH
-transport.message-router.apiKey=apiKeyTemp123
-transport.message-router.apiSecret=apiSecretTemp123
-transport.message-router.requiredPombaTopics=POA-AUDIT-INIT,POA-AUDIT-RESULT,POA-RULE-VALIDATION
-
-transport.publish.host=message-router
-transport.publish.port=3904
-transport.publish.topic=POA-RULE-VALIDATION
-transport.publish.motsid=motsid@motsid.com
-transport.publish.pass=1234
-transport.publish.batchsize=8
-transport.publish.maxage=1000
-transport.publish.delay=1000
-transport.publish.type=HTTPAUTH
-transport.publish.partition=1
-transport.publish.retries=4
-
-event.header.domain=onap
-event.header.source-name=RO
-event.header.event-type=POA-EVENT
-event.header.entity-type=poa-entity
-event.header.top-entity-type=poa-entity
-event.header.topic-name=POA-RULE-VALIDATION
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-server.host={{ .Values.config.aaiCtxBuilderHost }}
-basicauth.username={{ .Values.config.aaiCtxBuilderUsername }}
-basicauth.password={{ .Values.config.aaiCtxBuilderPassword }}
-server.port={{ .Values.config.ctxBuilderExternalPort }}
-server.protocol=http
-trust.store.path=/auth/tomcat_keystore
-key.store.path=/auth/aai-client-cert.p12
-key.store.password=70c87528c88dcd9f9c2558d30e817868
-key.store.type=PKCS12
-key.manager.factory.algorithm=SunX509
-security.protocol=TLS
-connection.timeout.ms=60000
-read.timeout.ms=60000
-base.uri=/aaicontextbuilder/v2/service/context
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-server.host={{ .Values.global.networkdiscoveryCtxBuilderHost }}
-basicauth.username={{ .Values.config.networkdiscoveryCtxBuilderUsername }}
-basicauth.password={{ .Values.config.networkdiscoveryCtxBuilderPassword }}
-server.port={{ .Values.config.ctxBuilderExternalPort }}
-server.protocol=http
-trust.store.path=/auth/tomcat_keystore
-key.store.path=/auth/aai-client-cert.p12
-key.store.password=70c87528c88dcd9f9c2558d30e817868
-key.store.type=PKCS12
-key.manager.factory.algorithm=SunX509
-security.protocol=TLS
-connection.timeout.ms=60000
-read.timeout.ms=60000
-base.uri=/ndcontextbuilder/service/context
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-server.host={{ .Values.config.sdcCtxBuilderHost }}
-basicauth.username={{ .Values.config.sdcCtxBuilderUsername }}
-basicauth.password={{ .Values.config.sdcCtxBuilderPassword }}
-server.port={{ .Values.config.ctxBuilderExternalPort }}
-server.protocol=http
-trust.store.path=/auth/tomcat_keystore
-key.store.path=/auth/aai-client-cert.p12
-key.store.password=70c87528c88dcd9f9c2558d30e817868
-key.store.type=PKCS12
-key.manager.factory.algorithm=SunX509
-security.protocol=TLS
-connection.timeout.ms=60000
-read.timeout.ms=60000
-base.uri=/sdccontextbuilder/v2/service/context
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-server.host={{ .Values.config.sdncCtxBuilderHost }}
-basicauth.username={{ .Values.config.sdncCtxBuilderUsername }}
-basicauth.password={{ .Values.config.sdncCtxBuilderPassword }}
-server.port={{ .Values.config.ctxBuilderExternalPort }}
-server.protocol=http
-trust.store.path=/auth/tomcat_keystore
-key.store.path=/auth/aai-client-cert.p12
-key.store.password=70c87528c88dcd9f9c2558d30e817868
-key.store.type=PKCS12
-key.manager.factory.algorithm=SunX509
-security.protocol=TLS
-connection.timeout.ms=60000
-read.timeout.ms=60000
-base.uri=/sdnccontextbuilder/v1/service/context
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap-builders
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/builders/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if .Values.liveness.enabled }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- {{- if .Values.readiness.enabled }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{- end }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
- - mountPath: /opt/app/config/builders
- name: {{ include "common.fullname" . }}-config-builders
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
- readOnly: false
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - name: {{ include "common.fullname" . }}-logs-eelf
- mountPath: /opt/app/logs/EELF
- readOnly: false
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{- toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{- toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-config-builders
- configMap:
- name: {{ include "common.fullname" . }}-configmap-builders
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-logs-eelf
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/pomba-context-aggregator:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- aaiCtxBuilderHost: pomba-aaictxbuilder
- aaiCtxBuilderUsername: admin
- aaiCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
- sdcCtxBuilderHost: pomba-sdcctxbuilder
- sdcCtxBuilderUsername: admin
- sdcCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
- sdncCtxBuilderHost: pomba-sdncctxbuilder
- sdncCtxBuilderUsername: admin
- sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
- networkdiscoveryCtxBuilderUsername: admin
- networkdiscoveryCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
- ctxBuilderExternalPort: 9530
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
- enabled: false
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9529
- internalPort: 9529
- #nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 10m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 20m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Properties for the SchemaLocationsBean
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=NA
-# OXM files named aai_oxm_v*.xml are unpacked here:
-nodeDir=/opt/app/data-router/bundleconfig/etc/oxm
-# DB Edge Rules are unpacked here:
-edgeDir=
-# DB Edge Property files are copied here:
-edgePropsDir=
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prop
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dynamic
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/dynamic/routes/audit.route").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/dynamic/conf/audit-bean.xml").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/dynamic/routes/poaValidation.route").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/dynamic/conf/poa-validation-bean.xml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - pomba-search-data
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
- - /bin/sh
- - -c
- - |
- mkdir -p /logroot/data-router/logs
- chmod -R 777 /logroot/data-router/logs
- chown -R root:root /logroot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /logroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: SERVICE_BEANS
- value: /opt/app/data-router/dynamic/conf
- - name: CONFIG_HOME
- value: /opt/app/data-router/config/
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: DYNAMIC_ROUTES
- value: /opt/app/data-router/dynamic/routes
- - name: KEY_MANAGER_PASSWORD
- value: {{ .Values.config.keyManagerPassword }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/data-router/config/auth
- name: {{ include "common.fullname" . }}-auth
- - mountPath: /opt/app/data-router/config/data-router.properties
- subPath: data-router.properties
- name: {{ include "common.fullname" . }}-properties
- - mountPath: /opt/app/data-router/config/schemaIngest.properties
- subPath: schemaIngest.properties
- name: {{ include "common.fullname" . }}-properties
- - mountPath: /opt/app/data-router/dynamic/routes/audit.route
- subPath: audit.route
- name: {{ include "common.fullname" . }}-dynamic-route
- - mountPath: /opt/app/data-router/dynamic/routes/poaValidation.route
- subPath: poaValidation.route
- name: {{ include "common.fullname" . }}-dynamic-route
- - mountPath: /opt/app/data-router/dynamic/conf/audit-bean.xml
- subPath: audit-bean.xml
- name: {{ include "common.fullname" . }}-dynamic-policy
- - mountPath: /opt/app/data-router/dynamic/conf/poa-validation-bean.xml
- subPath: poa-validation-bean.xml
- name: {{ include "common.fullname" . }}-dynamic-policy
- - mountPath: /logs/
- name: {{ include "common.fullname" . }}-logs
- resources:
-{{ include "common.resources" . | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-auth
- secret:
- secretName: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-properties
- configMap:
- name: {{ include "common.fullname" . }}-prop
- items:
- - key: data-router.properties
- path: data-router.properties
- - key: schemaIngest.properties
- path: schemaIngest.properties
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-dynamic-route
- configMap:
- name: {{ include "common.fullname" . }}-dynamic
- - name: {{ include "common.fullname" . }}-dynamic-policy
- configMap:
- name: {{ include "common.fullname" . }}-dynamic
- - name: {{ include "common.fullname" . }}-logs
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Default values for data-router.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-
-# Global configuration defaults
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/data-router:1.3.3
-pullPolicy: Always
-restartPolicy: Always
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-
-# application configuration
-config:
- keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
- keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 30
-
-service:
- name: pomba-data-router
- type: NodePort
- externalPort: 9502
- internalPort: 9502
- nodePort: 49
-
-ingress:
- enabled: false
- service:
- - baseaddr: "pombadatarouter"
- name: "pomba-data-router"
- port: 9502
- config:
- ssl: "none"
-
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- ## storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: pomba/data-router/logs
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1400Mi
- requests:
- cpu: 100m
- memory: 700Mi
- large:
- limits:
- cpu: 2
- memory: 2800Mi
- requests:
- cpu: 200m
- memory: 1400Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- sysctl -w vm.max_map_count=262144
- mkdir -p /logroot/elasticsearch/logs
- mkdir -p /logroot/elasticsearch/data
- chmod -R 777 /logroot/elasticsearch
- chown -R root:root /logroot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /logroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
- name: {{ include "common.fullname" . }}-config
- subPath: elasticsearch.yml
- - mountPath: /usr/share/elasticsearch/data/
- name: {{ include "common.fullname" . }}-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: elasticsearch.yml
- path: elasticsearch.yml
- - name: {{ include "common.fullname" . }}-data
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: {{ include "common.fullname" . }}-logs
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-logs
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-# application image
-loggingRepository: docker.elastic.co
-image: elasticsearch/elasticsearch:6.6.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: pomba/elasticsearch/data
- mountSubPathLogs: pomba
-
-service:
- type: ClusterIP
- name: pomba-es
- externalPort: 9200
- internalPort: 9200
- type2: ClusterIP
- name2: pomba-es-tcp
- externalPort2: 9300
- internalPort2: 9300
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 3Gi
- requests:
- cpu: 1
- memory: 1.5Gi
- large:
- limits:
- cpu: 4
- memory: 6Gi
- requests:
- cpu: 2
- memory: 3Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-mkdir -p /usr/share/kibana/auth
-chmod 0777 /usr/share/kibana/auth
-
-cp /opt/app/auth/* /usr/share/kibana/auth/.
-
-chmod 0400 /usr/share/kibana/auth/*
-
-/usr/share/kibana/node/bin/node --no-warnings /usr/share/kibana/src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-auth
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/auth/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-bin
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - pomba-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - args:
- - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
- - --input=/config/default-mapping.json
- - --type=mapping
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.configRepository }}/{{ .Values.configImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-config-map
- volumeMounts:
- - mountPath: /config/default-mapping.json
- name: {{ include "common.fullname" . }}
- subPath: default-mapping.json
- - args:
- - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
- - --input=/config/default.json
- - --type=data
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.configRepository }}/{{ .Values.configImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-config
- volumeMounts:
- - mountPath: /config/default.json
- name: {{ include "common.fullname" . }}
- subPath: default.json
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/bash"]
- args: ["-c", "/opt/app/bin/kibana_start.sh"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- readinessProbe:
- httpGet:
- path: "/"
- scheme: "HTTPS"
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: "/"
- scheme: "HTTPS"
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/kibana/config
- name: {{ include "common.fullname" . }}
- - mountPath: /opt/app/auth
- name: {{ include "common.fullname" . }}-auth
- - mountPath: /opt/app/bin
- name: {{ include "common.fullname" . }}-bin
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: kibana.yml
- path: kibana.yml
- - key: default.json
- path: default.json
- - key: default-mapping.json
- path: default-mapping.json
- - name: {{ include "common.fullname" . }}-auth
- configMap:
- name: {{ include "common.fullname" . }}-auth
- defaultMode: 0777
- - name: {{ include "common.fullname" . }}-bin
- configMap:
- name: {{ include "common.fullname" . }}-bin
- defaultMode: 0777
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# Configuration image
-configRepository: docker.io
-configImage: taskrabbit/elasticsearch-dump
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-# application image
-loggingRepository: docker.elastic.co
-image: kibana/kibana:6.6.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: pomba-es
- elasticsearchPort: 9200
-
- #Enable HTTPS
- serverSslEnabled: true
- serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem
- serverSslKey: /usr/share/kibana/auth/pomba.key.pem
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 1
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 1
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: pomba-kibana
- externalPort: 5601
- internalPort: 5601
- nodePort: 34
-
-ingress:
- enabled: false
- service:
- - baseaddr: "pombakibana"
- name: "pomba-kibana"
- port: 5601
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 1
- memory: 800Mi
- large:
- limits:
- cpu: 4
- memory: 3200Mi
- requests:
- cpu: 2
- memory: 1600Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-dependencies:\r
- - name: common\r
- version: ~6.x-0\r
- repository: '@local'\r
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-spring.jersey.type=filter
-
-#Enable HTTPS
-server.port={{ .Values.config.serverSslPort }}
-server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
-server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
-server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
-server.ssl.enabled={{ .Values.config.serverSslEnabled }}
-server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
-
-# Basic Authentication
-basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
-basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
-
-openstack.identity.url ={{ .Values.config.openstackIdentityUrl }}
-openstack.identity.user ={{ .Values.config.openstackUserId }}
-openstack.identity.password ={{ .Values.config.openstackPassword }}
-
-openstack.types = vserver, l3-network, port
-openstack.type.vserver.url = {{ .Values.config.openstackTypeVserverUrl }}
-openstack.type.l3-network.url = {{ .Values.config.openstackTypeL3NetworkUrl }}
-openstack.type.port.url = {{ .Values.config.openstackTypePortUrl }}
-
-openstack.api.microversion = 2.42
-
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
- readOnly: false
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
- - mountPath: /opt/app/config/auth/client-cert-onap.p12
- name: {{ include "common.fullname" . }}-auth-secret
- subPath: client-cert-onap.p12
- readOnly: true
- - mountPath: /opt/app/config/auth/tomcat_keystore
- name: {{ include "common.fullname" . }}-auth-secret
- subPath: tomcat_keystore
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs-eelf
- mountPath: /opt/app/logs/EELF
- readOnly: false
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-auth-secret
- secret:
- secretName: {{ include "common.fullname" . }}-auth
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs-eelf
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-apiVersion: v1\r
-kind: Secret\r
-metadata:\r
- name: {{ include "common.fullname" . }}-auth\r
- namespace: {{ include "common.namespace" . }}\r
- labels:\r
- app: {{ include "common.name" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ include "common.release" . }}\r
- heritage: {{ .Release.Service }}\r
-data:\r
-{{ (.Files.Glob "resources/config/auth/*").AsSecrets | indent 2 }}\r
+++ /dev/null
-# Copyright © 2018 Amdocs\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-apiVersion: v1\r
-kind: Service\r
-metadata:\r
- name: {{ include "common.servicename" . }}\r
- namespace: {{ include "common.namespace" . }}\r
- labels:\r
- app: {{ include "common.name" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ include "common.release" . }}\r
- heritage: {{ .Release.Service }}\r
-spec:\r
- type: {{ .Values.service.type }}\r
- ports:\r
- {{if eq .Values.service.type "NodePort" -}}\r
- - port: {{ .Values.service.externalPort }}\r
- targetPort: {{ .Values.service.internalPort }}\r
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}\r
- name: {{ .Values.service.portName | default "http" }}\r
- {{- else -}}\r
- - port: {{ .Values.service.externalPort }}\r
- targetPort: {{ .Values.service.internalPort }}\r
- name: {{ .Values.service.portName | default "http" }}\r
- {{- end}}\r
- selector:\r
- app: {{ include "common.name" . }}\r
- release: {{ include "common.release" . }}\r
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/network-discovery:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- # Network Discovery Micro Service REST Client Configuration
-
- #Enable HTTPS
- serverSslPort: 8443
- serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
- serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
- serverSslClientAuth: want
- serverSslEnabled: true
- serverSslEnabledProtocols: TLSv1.1,TLSv1.2
-
- # Basic Authorization credentials for Network Discovery Micro Service Rest Service
- networkDiscoveryUserId: admin
- networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
-
- # Basic Authorization credentials for Openstack Rest APIs
- openstackIdentityUrl: http://10.69.36.11:5000/v3/auth/tokens
- openstackUserId: admin
- openstackPassword: OBF:1w951ugg1vun1uha1w8l
-
- # Openstack Rest API URLs:
- openstackTypeVserverUrl: http://10.69.36.11:8774/v2.1/servers/{0}
- openstackTypeL3NetworkUrl: http://10.69.36.11:9696/v2.0/networks/{0}
- openstackTypePortUrl: http://10.69.36.11:9696/v2.0/ports/{0}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: pomba-networkdiscovery
- externalPort: 9531
- internalPort: 8443
- nodePort: 99
- portName: https
-
-ingress:
- enabled: false
- service:
- - baseaddr: "pombanetworkdiscovery"
- name: "pomba-networkdiscovery"
- port: 8443
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 10m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 20m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-spring.jersey.type=filter
-spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
-
-
-server.contextPath=/ndcontextbuilder
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
-#tomcat.connector.attributes=allowTrace-true
-#The max number of active threads in this pool
-server.tomcat.max-threads=200
-#The minimum number of threads always kept alive
-server.tomcat.min-Spare-Threads=25
-#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
-server.tomcat.max-idle-time=60000
-
-
-# Network Discovery Context Builder REST Service
-networkDiscoveryCtxBuilder.httpProtocol={{ .Values.config.networkDiscoveryCtxBuilderHttpProtocol }}
-networkDiscoveryCtxBuilder.serviceName={{ .Values.global.networkdiscoveryCtxBuilderHost }}
-networkDiscoveryCtxBuilder.port={{ .Values.config.networkDiscoveryCtxBuilderPort }}
-# Basic Authorization credentials for Network Discovery Context Builder REST Service
-networkDiscoveryCtxBuilder.userId={{ .Values.config.networkDiscoveryCtxBuilderUserId }}
-networkDiscoveryCtxBuilder.password={{ .Values.config.networkDiscoveryCtxBuilderPassword }}
-networkDiscoveryCtxBuilder.resourceList={{ .Values.config.networkDiscoveryCtxBuilderResourceList }}
-
-# Service Decomposition REST Client Configuration
-serviceDecomposition.httpProtocol={{ .Values.config.serviceDecompositionHttpProtocol }}
-serviceDecomposition.host={{ .Values.config.serviceDecompositionServiceName }}.{{.Release.Namespace}}
-serviceDecomposition.port={{ .Values.config.serviceDecompositionPort }}
-serviceDecomposition.serviceInstancePath={{ .Values.config.serviceDecompositionInstancePath }}
-#Basic Authorization Client credentials for Service Decomposition REST service
-serviceDecomposition.userId={{ .Values.config.serviceDecompositionUserId }}
-serviceDecomposition.password={{ .Values.config.serviceDecompositionPassword }}
-
-# Network Discovery Micro Service REST Client Configuration
-
-networkDiscoveryMicroService.host={{ .Values.config.networkDiscoveryServiceName }}.{{.Release.Namespace}}
-networkDiscoveryMicroService.port={{ .Values.config.networkDiscoveryPort }}
-networkDiscoveryMicroService.httpProtocol={{ .Values.config.networkDiscoveryHttpProtocol }}
-networkDiscoveryMicroService.networkDiscoveryPath={{ .Values.config.networkDiscoveryPath }}
-# Wait for Network Discovery MicroService response in milliseconds
-networkDiscoveryMicroService.responseTimeOutInMilliseconds = {{ .Values.config.networkDiscoveryTimeOutInMilliseconds }}
-# Basic Authorization credentials for Network Discovery Micro Service Rest Service
-networkDiscoveryMicroService.userId={{ .Values.config.networkDiscoveryUserId }}
-networkDiscoveryMicroService.password={{ .Values.config.networkDiscoveryPassword }}
-
-#Servlet context parameters
-server.context_parameters.p-name=value
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
- readOnly: false
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- readOnly: true
- subPath: application.properties
- - name: {{ include "common.fullname" . }}-logs-eelf
- mountPath: /opt/app/logs/EELF
- readOnly: false
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs-eelf
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/pomba-network-discovery-context-builder:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- # Network Discovery Context Builder REST Service
- networkDiscoveryCtxBuilderHttpProtocol: http
- networkDiscoveryCtxBuilderPort: 9530
- networkDiscoveryCtxBuilderUserId: admin
- networkDiscoveryCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
- networkDiscoveryCtxBuilderResourceList: vnfcs,vservers,l3-networks
-
- # Service Decomposition REST Client Configuration
- serviceDecompositionHttpProtocol: http
- serviceDecompositionServiceName: pomba-servicedecomposition
- serviceDecompositionPort: 9532
- serviceDecompositionInstancePath: /service-decomposition/service/context
- #Basic Authorization Client credentials for Service Decomposition REST service
- serviceDecompositionUserId: admin
- serviceDecompositionPassword: OBF:1u2a1toa1w8v1tok1u30
-
- # Network Discovery Micro Service REST Client Configuration
- networkDiscoveryServiceName: pomba-networkdiscovery
- networkDiscoveryPort: 9531
- networkDiscoveryHttpProtocol: https
- networkDiscoveryPath: /network-discovery/v1/network/resource
- # Wait for Network Discovery MicroService response in milliseconds
- networkDiscoveryTimeOutInMilliseconds: 60000
- # Basic Authorization credentials for Network Discovery Micro Service Rest Service
- networkDiscoveryUserId: admin
- networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9530
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 100m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 200m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-spring.jersey.type=filter
-spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
-
-server.contextPath=/sdccontextbuilder
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
-#tomcat.connector.attributes=allowTrace-true
-#The max number of active threads in this pool
-server.tomcat.max-threads=200
-#The minimum number of threads always kept alive
-server.tomcat.min-Spare-Threads=25
-#server.port=9191
-
-#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
-server.tomcat.max-idle-time=60000
-
-#Application properties
-sdcConnect.username={{ .Values.config.sdcUsername }}
-sdcConnect.password={{ .Values.config.sdcPassword }}
-sdcConnect.consumerID={{ .Values.config.sdcConsumerId }}
-sdcConnect.sdcAddress={{ .Values.config.sdcServiceName }}.{{.Release.Namespace}}:{{ .Values.config.sdcPort }}
-
-# Minimum timeout value is 15 seconds; default is 120000s
-sdcConnect.timeout.seconds=60000
-
-# {0} = UUID
-sdc.url.template=/sdc/v1/catalog/services/{0}/toscaModel
-sdc.artifact.type=TOSCA_CSAR
-
-# Intended name for downloaded temporary CSAR files: csar-[UUID].zip
-# Only .zip and .csar are accepted extensions, default is .zip
-sdc.csar.file.prefix=csar-
-sdc.csar.file.suffix=.zip
-
-# HTTP Basic Authorization credentials for Rest Service API
-http.userId={{ .Values.config.sdcCtxBuilderUserId }}
-http.password={{ .Values.config.sdcCtxBuilderPassword }}
-
-#Servlet context parameters
-server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
-
-#test.tosca.csar.file=\\config\\toscaModel.csar.zip
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
- readOnly: false
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - name: {{ include "common.fullname" . }}-logs-eelf
- mountPath: /opt/app/logs/EELF
- readOnly: false
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs-eelf
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-# readinessRepository: oomk8s
-# readinessImage: readiness-check:2.0.0
-# loggingRepository: docker.elastic.co
-# loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/pomba-sdc-context-builder:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- #Application properties
- sdcUsername: pomba
- sdcPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
- sdcConsumerId: pomba
- sdcServiceName: sdc-be
- sdcPort: 8443
- # HTTP Basic Authorization credentials for Rest Service API
- sdcCtxBuilderUserId: admin
- sdcCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9530
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 100m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 200m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2019 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-spring.jersey.type=filter
-spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
-camel.springboot.xmlRoutes = file:config/dynamic/routes/*.route
-service.xml.beans = config/dynamic/conf/*.xml
-
-server.contextPath=/sdnccontextbuilder
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
-#tomcat.connector.attributes=allowTrace-true
-#The max number of active threads in this pool
-server.tomcat.max-threads=200
-#The minimum number of threads always kept alive
-server.tomcat.min-spare-threads=25
-
-# Basic Authorization credentials for SDNC Context Builder REST Service
-sdncCtxBuilder.userId={{ .Values.config.sdncCtxBuilderUserId }}
-sdncCtxBuilder.password={{ .Values.config.sdncCtxBuilderPassword }}
-
-# AAI REST Client Configuration
-aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
-aai.servicePort={{ .Values.config.aaiPort }}
-# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
-aai.authentication=basic_auth
-aai.trustStorePath=n/a
-aai.keyStorePath=n/a
-aai.keyStorePassword=n/a
-aai.username={{ .Values.config.aaiUsername }}
-aai.password={{ .Values.config.aaiPassword }}
-aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
-aai.authentication={{ .Values.config.aaiAuthentication }}
-aai.trustStorePath={{ .Values.config.aaiTrustStorePath }}
-aai.keyStorePath={{ .Values.config.aaiKeyStorePath }}
-aai.keyStorePassword={{ .Values.config.aaiKeyStorePassword }}
-aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
-aai.readTimeout={{ .Values.config.aaiReadTimeout }}
-
-# HTTP Basic Authorization credentials for AAI Rest Service API
-aai.http.userId={{ .Values.config.aaiHttpUserId }}
-aai.http.password={{ .Values.config.aaiHttpPassword }}
-
-aai.serviceInstanceQuery=/aai/v13/nodes/service-instance/{0}
-
-# SDNC REST Client Configuration
-sdnc.serviceName={{ .Values.config.sdncServiceName }}.{{.Release.Namespace}}
-sdnc.servicePort={{ .Values.config.sdncPort }}
-sdnc.user={{ .Values.config.sdncUsername }}
-sdnc.password={{ .Values.config.sdncPassword }}
-sdnc.httpProtocol={{ .Values.config.sdncHttpProtocol }}
-sdnc.connectionTimeout={{ .Values.config.sdncConnectionTimeout }}
-sdnc.readTimeout={{ .Values.config.sdncReadTimeout }}
-sdnc.genericResourcePath=/restconf/config/GENERIC-RESOURCE-API:services/service/{0}
-sdnc.portMirrorResourcePath=/restconf/config/GENERIC-RESOURCE-API:port-mirror-configurations/port-mirror-configuration/{0}/configuration-data/configuration-operation-information/port-mirror-configuration-request-input
-sdnc.vnfPath=/restconf/config/VNF-API:vnfs/vnf-list/{0}
-
-#Servlet context parameters
-server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
- readOnly: false
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - name: {{ include "common.fullname" . }}-logs-eelf
- mountPath: /opt/app/logs/EELF
- readOnly: false
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs-eelf
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/pomba-sdnc-context-builder:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- # AAI Rest Client Connection
- aaiServiceName: aai
- aaiPort: 8443
- aaiUsername: AAI
- aaiPassword: OBF:1gfr1ev31gg7
- aaiHttpProtocol: https
- aaiAuthentication: basic_auth
- aaiTrustStorePath: n/a
- aaiKeyStorePath: n/a
- aaiKeyStorePassword: n/a
- aaiConnectionTimeout: 5000
- aaiReadTimeout: 5000
- # HTTP Basic Authorization credentials for Rest Service API
- aaiHttpUserId: admin
- aaiHttpPassword: OBF:1u2a1toa1w8v1tok1u30
- sdncCtxBuilderUserId: admin
- sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
-
- # SDNC Rest Client Connection
- sdncServiceName: sdnc
- sdncPort: 8282
- sdncUsername: admin
- sdncPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
- sdncHttpProtocol: http
- sdncConnectionTimeout: 5000
- sdncReadTimeout: 5000
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 30
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9530
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 100m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 200m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# ElasticSearch Configuration
-
-es.cluster-name=POMBA_ES
-es.ip-address=pomba-es.{{.Release.Namespace}}
-es.http-port={{.Values.config.elasticsearchHttpPort}}
+++ /dev/null
-<configuration scan="true" scanPeriod="3 seconds" debug="false">
- <!--<jmxConfigurator /> -->
- <!-- directory path for all other type logs -->
-
- <property name="logDir" value="/var/log/onap" />
-
-
- <!-- specify the component name
- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
- <property name="componentName" value="AAI-SDB"></property>
-
- <!-- default eelf log file names -->
- <property name="generalLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
-
- <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|SearchDataService|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
- <property name="auditMetricPattern" value="%m%n" />
-
- <property name="logDirectory" value="${logDir}/${componentName}" />
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${errorLogPattern}</pattern>
- </encoder>
- </appender>
-
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
-
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${errorLogPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <queueSize>256</queueSize>
- <appender-ref ref="EELF" />
- </appender>
-
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
-
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${auditMetricPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
- <pattern>${auditMetricPattern}</pattern>
- </encoder>
- </appender>
-
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFMetrics"/>
- </appender>
-
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
- </fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${errorLogPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>false</includeCallerData>
- </appender>
-
-
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf" level="info" additivity="false">
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="asyncEELFDebug" />
- </logger>
-
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" />
- <logger name="org.springframework.beans" level="WARN" />
- <logger name="org.springframework.web" level="WARN" />
- <logger name="com.blog.spring.jms" level="WARN" />
-
- <!-- SearchDB loggers -->
- <logger name="org.openecomp.sa" level="INFO" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" />
- <logger name="org.apache.commons.httpclient" level="WARN" />
- <logger name="org.apache.commons" level="WARN" />
- <logger name="org.apache.coyote" level="WARN" />
- <logger name="org.apache.jasper" level="WARN" />
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" />
- <logger name="org.apache.cxf" level="WARN" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" />
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
- <logger name="org.apache.cxf.service" level="WARN" />
- <logger name="org.restlet" level="WARN" />
- <logger name="org.apache.camel.component.restlet" level="WARN" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="WARN" />
- <logger name="ch.qos.logback.core" level="WARN" />
-
- <root>
- <appender-ref ref="asyncEELF" />
- <!-- <appender-ref ref="asyncEELFDebug" /> -->
- </root>
-
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - pomba-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: /opt/app/search-data-service/config/
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: KEY_MANAGER_PASSWORD
- value: {{ .Values.config.keyManagerPassword }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/search-data-service/config/filter-config.json
- subPath: filter-config.json
- name: {{ include "common.fullname" . }}-service-config
- - mountPath: /opt/app/search-data-service/config/elastic-search.properties
- subPath: elastic-search.properties
- name: {{ include "common.fullname" . }}-service-config
- - mountPath: /opt/app/search-data-service/config/analysis-config.json
- subPath: analysis-config.json
- name: {{ include "common.fullname" . }}-service-config
- - mountPath: /opt/app/search-data-service/config/es-payload-translation.json
- subPath: es-payload-translation.json
- name: {{ include "common.fullname" . }}-service-config
- - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json
- subPath: dynamic-custom-template.json
- name: {{ include "common.fullname" . }}-service-config
- - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- name: {{ include "common.fullname" . }}-service-auth-config
- - mountPath: /opt/app/search-data-service/config/auth/search_policy.json
- subPath: search_policy.json
- name: {{ include "common.fullname" . }}-search-policy-config
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-service-logs
- - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml
- name: {{ include "common.fullname" . }}-service-log-conf
- subPath: logback.xml
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
- {{- end }}
-
- # side car containers
- - name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-service-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-service-filebeat
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-service-config
- configMap:
- name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-service-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-keystone
- - name: {{ include "common.fullname" . }}-search-policy-config
- secret:
- secretName: {{ include "common.fullname" . }}-policy
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-service-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-service-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-service-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-service-log
- restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Default values for search-data.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/search-data-service:1.3.1
-pullPolicy: Always
-restartPolicy: Always
-
-# application configuration
-config:
- elasticsearchHttpPort: 9200
- keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
- keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: ClusterIP
- portName: pomba-search-data
- internalPort: 9509
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1800Mi
- requests:
- cpu: 50m
- memory: 900Mi
- large:
- limits:
- cpu: 2
- memory: 3600Mi
- requests:
- cpu: 100m
- memory: 1800Mi
- unlimited: {}
+++ /dev/null
-# Copyright � 2018 Amdocs\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-dependencies:\r
- - name: common\r
- version: ~6.x-0\r
- repository: '@local'\r
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-spring.jersey.type=filter
-spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
-
-
-server.contextPath=/service-decomposition
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
-#tomcat.connector.attributes=allowTrace-true
-#The max number of active threads in this pool
-server.tomcat.max-threads=200
-#The minimum number of threads always kept alive
-server.tomcat.min-Spare-Threads=25
-#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
-server.tomcat.max-idle-time=60000
-
-basicAuth.username={{ .Values.config.serviceDecompositionUserId }}
-basicAuth.password={{ .Values.config.serviceDecompositionPassword }}
-
-# AAI REST Client Configuration
-aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
-aai.servicePort={{ .Values.config.aaiPort }}
-# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
-aai.authentication=basic_auth
-aai.trustStorePath=n/a
-aai.keyStorePath=n/a
-aai.keyStorePassword=n/a
-aai.username={{ .Values.config.aaiUsername }}
-aai.password={{ .Values.config.aaiPassword }}
-aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
-aai.securityProtocol=TLS
-aai.connectionTimeout=60000
-aai.readTimeout=60000
-aai.resourceList=vnfc,vserver,l3-network,pserver
-aai.serviceInstancePath=/aai/v13/nodes/service-instance/{0}
-aai.urlDepth=2
-
-#Servlet context parameters
-server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
-
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/service-decomposition:1.5.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- # Service Decomposition REST Client Configuration
- aaiServiceName: aai
- aaiPort: 8443
- aaiUsername: AAI
- aaiPassword: OBF:1gfr1ev31gg7
- aaiHttpProtocol: https
- # Basic Authorization Client credentials for Service Decomposition REST service
- serviceDecompositionUserId: admin
- serviceDecompositionPassword: OBF:1u2a1toa1w8v1tok1u30
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: <service-name-override>
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9532
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 800Mi
- requests:
- cpu: 100m
- memory: 400Mi
- large:
- limits:
- cpu: 2
- memory: 1600Mi
- requests:
- cpu: 200m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Properties for the SchemaLocationsBean
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=bundleconfig
-# Files named aai_oxm_v*.xml are unpacked here:
-nodeDir=${APP_HOME}/bundleconfig/etc/oxm
-# Dummy folder/directory:
-edgeDir=${APP_HOME}/bundleconfig/etc/oxm
+++ /dev/null
-# ============LICENSE_START===================================================
-# Copyright (c) 2018 Amdocs
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=====================================================
-
-poa-audit-result.name=POA-AUDIT-RESULT
-poa-audit-result.host=message-router:3904
-poa-audit-result.publisher.partition=1
-poa-audit-result.username=
-poa-audit-result.password=OBF:
-poa-audit-result.transport.type=HTTPAUTH
+++ /dev/null
-# ============LICENSE_START===================================================
-# Copyright (c) 2018 Amdocs
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=====================================================
-
-poa-rule-validation.name=POA-RULE-VALIDATION
-poa-rule-validation.host=message-router:3904
-poa-rule-validation.username=
-poa-rule-validation.password=OBF:
-poa-rule-validation.consumer.group=poa-validator-test
-poa-rule-validation.consumer.id=test
-poa-rule-validation.transport.type=HTTPAUTH
+++ /dev/null
-# ============LICENSE_START===================================================
-# Copyright (c) 2018 Amdocs
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=====================================================
-
-# Note that the start.sh script sets the following System Properties
-# We provide default values here for testing purposes
-APP_HOME=.
-CONFIG_HOME=appconfig
-com.att.eelf.logging.path=src/main/resources
-com.att.eelf.logging.file=logback.xml
-logback.configurationFile=${com.att.eelf.logging.path}/${com.att.eelf.logging.file}
-
-schemaIngestPropLoc=${CONFIG_HOME}/schemaIngest.properties
-
-server.port=9501
-server.ssl.client-auth=want
-server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
-# Work-around for missing Java certificates file "cacerts". This default value should be overridden.
-server.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
-
-server.tomcat.max-threads=200
-# The minimum number of threads always kept alive
-server.tomcat.min-spare-threads=25
-
-# Spring Boot logging
-logging.config=${logback.configurationFile}
-
-consumer.topic.names=poa-rule-validation
-publisher.topic.names=poa-audit-result
-
-topics.properties.location=${CONFIG_HOME}/topics/
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-root-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/*.*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-config-properties
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/appconfig/*.*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-config-topics
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/appconfig/topics/*.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rules
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/bundleconfig/etc/rules/poa-event/*.groovy").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- {{ if .Values.readiness.enabled }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{ end }}
- env:
- - name: APP_HOME
- value: "{{ .Values.config.appDir }}"
- - name: CONFIG_HOME
- value: "{{ .Values.config.configDir }}"
- - name: MAX_HEAP
- value: "{{ .Values.config.maxHeap }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.appDir }}/application.properties
- name: root-config-app-prop
- subPath: application.properties
- - mountPath: {{ .Values.config.configDir }}/
- name: properties
- - mountPath: {{ .Values.config.configAuthDir }}/
- name: config-auth
- - mountPath: {{ .Values.config.configTopicsDir }}/
- name: config-topics
- - mountPath: {{ .Values.config.rulesDir }}/
- name: rules
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/logs
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: root-config-app-prop
- configMap:
- name: {{ include "common.fullname" . }}-root-config
- defaultMode: 0644
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: properties
- configMap:
- name: {{ include "common.fullname" . }}-config-properties
- defaultMode: 0644
- items:
- - key: validation-service.properties
- path: validation-service.properties
- - key: validation-service-auth.properties
- path: validation-service-auth.properties
- - key: rule-indexing.properties
- path: rule-indexing.properties
- - key: rule-data-dictionary.properties
- path: rule-data-dictionary.properties
- - key: aai-environment.properties
- path: aai-environment.properties
- - key: schemaIngest.properties
- path: schemaIngest.properties
- - key: auth_policy.json
- path: auth_policy.json
- - name: config-auth
- secret:
- secretName: {{ include "common.fullname" . }}-config-auth-secret
- items:
- - key: tomcat_keystore
- path: tomcat_keystore
- - key: client-cert-onap.p12
- path: client-cert-onap.p12
- - name: config-topics
- configMap:
- name: {{ include "common.fullname" . }}-config-topics
- defaultMode: 0644
- items:
- - key: topic-poa-audit-result.properties
- path: topic-poa-audit-result.properties
- - key: topic-poa-rule-validation.properties
- path: topic-poa-rule-validation.properties
- - name: rules
- configMap:
- name: {{ include "common.fullname" . }}-rules
- defaultMode: 0644
- items:
- - key: default-rules.groovy
- path: default-rules.groovy
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-config-auth-secret
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ (.Files.Glob "resources/appconfig/auth/*").AsSecrets | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-# readinessRepository: oomk8s
-# readinessImage: readiness-check:2.0.0
-# loggingRepository: docker.elastic.co
-# loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-#repository: nexus3.onap.org:10001
-repository: nexus3.onap.org:10001
-image: onap/validation:1.3.1
-#pullPolicy: Always
-pullPolicy: IfNotPresent
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- appDir: /opt/app/validation-service
- configDir: /opt/app/validation-service/appconfig
- configAuthDir: /opt/app/validation-service/appconfig/auth
- configTopicsDir: /opt/app/validation-service/appconfig/topics
- rulesDir: /opt/app/validation-service/bundleconfig/etc/rules/poa-event
- maxHeap: 1024
- dataDictHostPort: http://dummy-host:443
- dataDictCredentials: cG9tYmE6cG9tYmE=
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
- enabled: false
-
-#Example service definition with external, internal and node ports.
-service:
- # The default service name (exposed in the service.yaml) will be the same
- # name as the chart. If the service name needs to be overriden (such as
- # when a subchart is shared), uncomment the value below.
- #name: validation-service
-
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- externalPort: 9529
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1400Mi
- requests:
- cpu: 50m
- memory: 700Mi
- large:
- limits:
- cpu: 2
- memory: 2800Mi
- requests:
- cpu: 100m
- memory: 1400Mi
- unlimited: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+*/}}
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+
+server.contextPath=/aaicontextbuilder
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# AAI REST Client Configuration
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
+aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
+aai.readTimeout={{ .Values.config.aaiReadTimeout }}
+
+# HTTP Basic Authorization credentials for Rest Service API
+http.userId={{ .Values.config.httpUserId }}
+http.password={{ .Values.config.httpPassword }}
+
+aai.searchNodeQuery=/aai/v13/nodes/service-instance/{0}
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/pomba-aai-context-builder:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ aaiServiceName: aai
+ aaiPort: 8443
+ aaiUsername: AAI
+ aaiPassword: OBF:1gfr1ev31gg7
+ aaiHttpProtocol: https
+ aaiConnectionTimeout: 60000
+ aaiReadTimeout: 60000
+ # HTTP Basic Authorization credentials for Rest Service API
+ httpUserId: admin
+ httpPassword: OBF:1u2a1toa1w8v1tok1u30
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9530
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+server.port=9529
+server.ssl.key-store=/auth/tomcat_keystore
+server.ssl.key-store-password=onapSecret
+server.ssl.key-password=onapSecret
+
+builders.properties.path=config/builders/
+
+# Transport Configuration
+transport.consume.host=message-router
+transport.consume.port=3904
+transport.consume.topic=POA-AUDIT-INIT
+transport.consume.motsid=motsid@motsid.com
+transport.consume.pass=1234
+transport.consume.consumergroup=audit1
+transport.consume.consumerid=audit1
+transport.consume.timeout=15000
+transport.consume.batchsize=8
+transport.consume.type=HTTPAUTH
+transport.message-router.apiKey=apiKeyTemp123
+transport.message-router.apiSecret=apiSecretTemp123
+transport.message-router.requiredPombaTopics=POA-AUDIT-INIT,POA-AUDIT-RESULT,POA-RULE-VALIDATION
+
+transport.publish.host=message-router
+transport.publish.port=3904
+transport.publish.topic=POA-RULE-VALIDATION
+transport.publish.motsid=motsid@motsid.com
+transport.publish.pass=1234
+transport.publish.batchsize=8
+transport.publish.maxage=1000
+transport.publish.delay=1000
+transport.publish.type=HTTPAUTH
+transport.publish.partition=1
+transport.publish.retries=4
+
+event.header.domain=onap
+event.header.source-name=RO
+event.header.event-type=POA-EVENT
+event.header.entity-type=poa-entity
+event.header.top-entity-type=poa-entity
+event.header.topic-name=POA-RULE-VALIDATION
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+server.host={{ .Values.config.aaiCtxBuilderHost }}
+basicauth.username={{ .Values.config.aaiCtxBuilderUsername }}
+basicauth.password={{ .Values.config.aaiCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/aaicontextbuilder/v2/service/context
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+server.host={{ .Values.global.networkdiscoveryCtxBuilderHost }}
+basicauth.username={{ .Values.config.networkdiscoveryCtxBuilderUsername }}
+basicauth.password={{ .Values.config.networkdiscoveryCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/ndcontextbuilder/service/context
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+server.host={{ .Values.config.sdcCtxBuilderHost }}
+basicauth.username={{ .Values.config.sdcCtxBuilderUsername }}
+basicauth.password={{ .Values.config.sdcCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/sdccontextbuilder/v2/service/context
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+server.host={{ .Values.config.sdncCtxBuilderHost }}
+basicauth.username={{ .Values.config.sdncCtxBuilderUsername }}
+basicauth.password={{ .Values.config.sdncCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/sdnccontextbuilder/v1/service/context
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap-builders
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/builders/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - message-router
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if .Values.liveness.enabled }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ - mountPath: /opt/app/config/builders
+ name: {{ include "common.fullname" . }}-config-builders
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{- toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{- toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-config-builders
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap-builders
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/pomba-context-aggregator:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ aaiCtxBuilderHost: pomba-aaictxbuilder
+ aaiCtxBuilderUsername: admin
+ aaiCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+ sdcCtxBuilderHost: pomba-sdcctxbuilder
+ sdcCtxBuilderUsername: admin
+ sdcCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+ sdncCtxBuilderHost: pomba-sdncctxbuilder
+ sdncCtxBuilderUsername: admin
+ sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+ networkdiscoveryCtxBuilderUsername: admin
+ networkdiscoveryCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+ ctxBuilderExternalPort: 9530
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ enabled: false
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9529
+ internalPort: 9529
+ #nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 10m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 20m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+# Properties for the SchemaLocationsBean
+# The AAI Schema jar will be unpacked to bundleconfig/etc
+schemaConfig=NA
+# OXM files named aai_oxm_v*.xml are unpacked here:
+nodeDir=/opt/app/data-router/bundleconfig/etc/oxm
+# DB Edge Rules are unpacked here:
+edgeDir=
+# DB Edge Property files are copied here:
+edgePropsDir=
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-dynamic
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/dynamic/routes/audit.route").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/audit-bean.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/routes/poaValidation.route").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/poa-validation-bean.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - pomba-search-data
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ mkdir -p /logroot/data-router/logs
+ chmod -R 777 /logroot/data-router/logs
+ chown -R root:root /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: SERVICE_BEANS
+ value: /opt/app/data-router/dynamic/conf
+ - name: CONFIG_HOME
+ value: /opt/app/data-router/config/
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: DYNAMIC_ROUTES
+ value: /opt/app/data-router/dynamic/routes
+ - name: KEY_MANAGER_PASSWORD
+ value: {{ .Values.config.keyManagerPassword }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/data-router/config/auth
+ name: {{ include "common.fullname" . }}-auth
+ - mountPath: /opt/app/data-router/config/data-router.properties
+ subPath: data-router.properties
+ name: {{ include "common.fullname" . }}-properties
+ - mountPath: /opt/app/data-router/config/schemaIngest.properties
+ subPath: schemaIngest.properties
+ name: {{ include "common.fullname" . }}-properties
+ - mountPath: /opt/app/data-router/dynamic/routes/audit.route
+ subPath: audit.route
+ name: {{ include "common.fullname" . }}-dynamic-route
+ - mountPath: /opt/app/data-router/dynamic/routes/poaValidation.route
+ subPath: poaValidation.route
+ name: {{ include "common.fullname" . }}-dynamic-route
+ - mountPath: /opt/app/data-router/dynamic/conf/audit-bean.xml
+ subPath: audit-bean.xml
+ name: {{ include "common.fullname" . }}-dynamic-policy
+ - mountPath: /opt/app/data-router/dynamic/conf/poa-validation-bean.xml
+ subPath: poa-validation-bean.xml
+ name: {{ include "common.fullname" . }}-dynamic-policy
+ - mountPath: /logs/
+ name: {{ include "common.fullname" . }}-logs
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-auth
+ secret:
+ secretName: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+ items:
+ - key: data-router.properties
+ path: data-router.properties
+ - key: schemaIngest.properties
+ path: schemaIngest.properties
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-dynamic-route
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-dynamic-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-logs
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Default values for data-router.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+
+# Global configuration defaults
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+# application image
+image: onap/data-router:1.3.3
+pullPolicy: Always
+restartPolicy: Always
+
+# BusyBox image
+busyboxRepository: docker.io
+busyboxImage: library/busybox:latest
+
+
+# application configuration
+config:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+
+service:
+ name: pomba-data-router
+ type: NodePort
+ externalPort: 9502
+ internalPort: 9502
+ nodePort: 49
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "pombadatarouter"
+ name: "pomba-data-router"
+ port: 9502
+ config:
+ ssl: "none"
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ ## storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: pomba/data-router/logs
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1400Mi
+ requests:
+ cpu: 100m
+ memory: 700Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2800Mi
+ requests:
+ cpu: 200m
+ memory: 1400Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ sysctl -w vm.max_map_count=262144
+ mkdir -p /logroot/elasticsearch/logs
+ mkdir -p /logroot/elasticsearch/data
+ chmod -R 777 /logroot/elasticsearch
+ chown -R root:root /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.name2 }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort2 }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+ name: {{ include "common.fullname" . }}-config
+ subPath: elasticsearch.yml
+ - mountPath: /usr/share/elasticsearch/data/
+ name: {{ include "common.fullname" . }}-data
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: elasticsearch.yml
+ path: elasticsearch.yml
+ - name: {{ include "common.fullname" . }}-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - name: {{ include "common.fullname" . }}-logs
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-logs
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name2 }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type2 }}
+ ports:
+ {{if eq .Values.service.type2 "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.name2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.name2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: elasticsearch/elasticsearch:6.6.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: pomba/elasticsearch/data
+ mountSubPathLogs: pomba
+
+service:
+ type: ClusterIP
+ name: pomba-es
+ externalPort: 9200
+ internalPort: 9200
+ type2: ClusterIP
+ name2: pomba-es-tcp
+ externalPort2: 9300
+ internalPort2: 9300
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 3Gi
+ requests:
+ cpu: 1
+ memory: 1.5Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 6Gi
+ requests:
+ cpu: 2
+ memory: 3Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+#!/bin/bash
+{{/*
+
+# Copyright � 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+mkdir -p /usr/share/kibana/auth
+chmod 0777 /usr/share/kibana/auth
+
+cp /opt/app/auth/* /usr/share/kibana/auth/.
+
+chmod 0400 /usr/share/kibana/auth/*
+
+/usr/share/kibana/node/bin/node --no-warnings /usr/share/kibana/src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-auth
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/auth/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-bin
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - pomba-elasticsearch
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - args:
+ - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
+ - --input=/config/default-mapping.json
+ - --type=mapping
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.configImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-config-map
+ volumeMounts:
+ - mountPath: /config/default-mapping.json
+ name: {{ include "common.fullname" . }}
+ subPath: default-mapping.json
+ - args:
+ - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
+ - --input=/config/default.json
+ - --type=data
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.configImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-config
+ volumeMounts:
+ - mountPath: /config/default.json
+ name: {{ include "common.fullname" . }}
+ subPath: default.json
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "/opt/app/bin/kibana_start.sh"]
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ readinessProbe:
+ httpGet:
+ path: "/"
+ scheme: "HTTPS"
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+# disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: "/"
+ scheme: "HTTPS"
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /usr/share/kibana/config
+ name: {{ include "common.fullname" . }}
+ - mountPath: /opt/app/auth
+ name: {{ include "common.fullname" . }}-auth
+ - mountPath: /opt/app/bin
+ name: {{ include "common.fullname" . }}-bin
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: kibana.yml
+ path: kibana.yml
+ - key: default.json
+ path: default.json
+ - key: default-mapping.json
+ path: default-mapping.json
+ - name: {{ include "common.fullname" . }}-auth
+ configMap:
+ name: {{ include "common.fullname" . }}-auth
+ defaultMode: 0777
+ - name: {{ include "common.fullname" . }}-bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0777
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.name }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# Configuration image
+configImage: taskrabbit/elasticsearch-dump
+
+# application image
+image: kibana/kibana:6.6.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ elasticsearchServiceName: pomba-es
+ elasticsearchPort: 9200
+
+ #Enable HTTPS
+ serverSslEnabled: true
+ serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem
+ serverSslKey: /usr/share/kibana/auth/pomba.key.pem
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 300
+ periodSeconds: 10
+ timeoutSeconds: 1
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 300
+ periodSeconds: 10
+ timeoutSeconds: 1
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: pomba-kibana
+ externalPort: 5601
+ internalPort: 5601
+ nodePort: 34
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "pombakibana"
+ name: "pomba-kibana"
+ port: 5601
+ config:
+ ssl: "none"
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 1
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 3200Mi
+ requests:
+ cpu: 2
+ memory: 1600Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+*/}}
+
+spring.jersey.type=filter
+
+#Enable HTTPS
+server.port={{ .Values.config.serverSslPort }}
+server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
+server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
+server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
+server.ssl.enabled={{ .Values.config.serverSslEnabled }}
+server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
+
+# Basic Authentication
+basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
+basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
+
+openstack.identity.url ={{ .Values.config.openstackIdentityUrl }}
+openstack.identity.user ={{ .Values.config.openstackUserId }}
+openstack.identity.password ={{ .Values.config.openstackPassword }}
+
+openstack.types = vserver, l3-network, port
+openstack.type.vserver.url = {{ .Values.config.openstackTypeVserverUrl }}
+openstack.type.l3-network.url = {{ .Values.config.openstackTypeL3NetworkUrl }}
+openstack.type.port.url = {{ .Values.config.openstackTypePortUrl }}
+
+openstack.api.microversion = 2.42
+
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ - mountPath: /opt/app/config/auth/client-cert-onap.p12
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: client-cert-onap.p12
+ readOnly: true
+ - mountPath: /opt/app/config/auth/tomcat_keystore
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: tomcat_keystore
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-auth
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T\r
+#\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+*/}}
+\r
+apiVersion: v1\r
+kind: Secret\r
+metadata:\r
+ name: {{ include "common.fullname" . }}-auth\r
+ namespace: {{ include "common.namespace" . }}\r
+ labels:\r
+ app: {{ include "common.name" . }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: {{ include "common.release" . }}\r
+ heritage: {{ .Release.Service }}\r
+data:\r
+{{ (.Files.Glob "resources/config/auth/*").AsSecrets | indent 2 }}\r
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs\r
+#\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+*/}}
+\r
+apiVersion: v1\r
+kind: Service\r
+metadata:\r
+ name: {{ include "common.servicename" . }}\r
+ namespace: {{ include "common.namespace" . }}\r
+ labels:\r
+ app: {{ include "common.name" . }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: {{ include "common.release" . }}\r
+ heritage: {{ .Release.Service }}\r
+spec:\r
+ type: {{ .Values.service.type }}\r
+ ports:\r
+ {{if eq .Values.service.type "NodePort" -}}\r
+ - port: {{ .Values.service.externalPort }}\r
+ targetPort: {{ .Values.service.internalPort }}\r
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}\r
+ name: {{ .Values.service.portName | default "http" }}\r
+ {{- else -}}\r
+ - port: {{ .Values.service.externalPort }}\r
+ targetPort: {{ .Values.service.internalPort }}\r
+ name: {{ .Values.service.portName | default "http" }}\r
+ {{- end}}\r
+ selector:\r
+ app: {{ include "common.name" . }}\r
+ release: {{ include "common.release" . }}\r
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/network-discovery:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ # Network Discovery Micro Service REST Client Configuration
+
+ #Enable HTTPS
+ serverSslPort: 8443
+ serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+ serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+ serverSslClientAuth: want
+ serverSslEnabled: true
+ serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
+ # Basic Authorization credentials for Network Discovery Micro Service Rest Service
+ networkDiscoveryUserId: admin
+ networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
+
+ # Basic Authorization credentials for Openstack Rest APIs
+ openstackIdentityUrl: http://10.69.36.11:5000/v3/auth/tokens
+ openstackUserId: admin
+ openstackPassword: OBF:1w951ugg1vun1uha1w8l
+
+ # Openstack Rest API URLs:
+ openstackTypeVserverUrl: http://10.69.36.11:8774/v2.1/servers/{0}
+ openstackTypeL3NetworkUrl: http://10.69.36.11:9696/v2.0/networks/{0}
+ openstackTypePortUrl: http://10.69.36.11:9696/v2.0/ports/{0}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: pomba-networkdiscovery
+ externalPort: 9531
+ internalPort: 8443
+ nodePort: 99
+ portName: https
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "pombanetworkdiscovery"
+ name: "pomba-networkdiscovery"
+ port: 8443
+ config:
+ ssl: "redirect"
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 10m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 20m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+*/}}
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+
+
+server.contextPath=/ndcontextbuilder
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+
+# Network Discovery Context Builder REST Service
+networkDiscoveryCtxBuilder.httpProtocol={{ .Values.config.networkDiscoveryCtxBuilderHttpProtocol }}
+networkDiscoveryCtxBuilder.serviceName={{ .Values.global.networkdiscoveryCtxBuilderHost }}
+networkDiscoveryCtxBuilder.port={{ .Values.config.networkDiscoveryCtxBuilderPort }}
+# Basic Authorization credentials for Network Discovery Context Builder REST Service
+networkDiscoveryCtxBuilder.userId={{ .Values.config.networkDiscoveryCtxBuilderUserId }}
+networkDiscoveryCtxBuilder.password={{ .Values.config.networkDiscoveryCtxBuilderPassword }}
+networkDiscoveryCtxBuilder.resourceList={{ .Values.config.networkDiscoveryCtxBuilderResourceList }}
+
+# Service Decomposition REST Client Configuration
+serviceDecomposition.httpProtocol={{ .Values.config.serviceDecompositionHttpProtocol }}
+serviceDecomposition.host={{ .Values.config.serviceDecompositionServiceName }}.{{.Release.Namespace}}
+serviceDecomposition.port={{ .Values.config.serviceDecompositionPort }}
+serviceDecomposition.serviceInstancePath={{ .Values.config.serviceDecompositionInstancePath }}
+#Basic Authorization Client credentials for Service Decomposition REST service
+serviceDecomposition.userId={{ .Values.config.serviceDecompositionUserId }}
+serviceDecomposition.password={{ .Values.config.serviceDecompositionPassword }}
+
+# Network Discovery Micro Service REST Client Configuration
+
+networkDiscoveryMicroService.host={{ .Values.config.networkDiscoveryServiceName }}.{{.Release.Namespace}}
+networkDiscoveryMicroService.port={{ .Values.config.networkDiscoveryPort }}
+networkDiscoveryMicroService.httpProtocol={{ .Values.config.networkDiscoveryHttpProtocol }}
+networkDiscoveryMicroService.networkDiscoveryPath={{ .Values.config.networkDiscoveryPath }}
+# Wait for Network Discovery MicroService response in milliseconds
+networkDiscoveryMicroService.responseTimeOutInMilliseconds = {{ .Values.config.networkDiscoveryTimeOutInMilliseconds }}
+# Basic Authorization credentials for Network Discovery Micro Service Rest Service
+networkDiscoveryMicroService.userId={{ .Values.config.networkDiscoveryUserId }}
+networkDiscoveryMicroService.password={{ .Values.config.networkDiscoveryPassword }}
+
+#Servlet context parameters
+server.context_parameters.p-name=value
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ readOnly: true
+ subPath: application.properties
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/pomba-network-discovery-context-builder:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ # Network Discovery Context Builder REST Service
+ networkDiscoveryCtxBuilderHttpProtocol: http
+ networkDiscoveryCtxBuilderPort: 9530
+ networkDiscoveryCtxBuilderUserId: admin
+ networkDiscoveryCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+ networkDiscoveryCtxBuilderResourceList: vnfcs,vservers,l3-networks
+
+ # Service Decomposition REST Client Configuration
+ serviceDecompositionHttpProtocol: http
+ serviceDecompositionServiceName: pomba-servicedecomposition
+ serviceDecompositionPort: 9532
+ serviceDecompositionInstancePath: /service-decomposition/service/context
+ #Basic Authorization Client credentials for Service Decomposition REST service
+ serviceDecompositionUserId: admin
+ serviceDecompositionPassword: OBF:1u2a1toa1w8v1tok1u30
+
+ # Network Discovery Micro Service REST Client Configuration
+ networkDiscoveryServiceName: pomba-networkdiscovery
+ networkDiscoveryPort: 9531
+ networkDiscoveryHttpProtocol: https
+ networkDiscoveryPath: /network-discovery/v1/network/resource
+ # Wait for Network Discovery MicroService response in milliseconds
+ networkDiscoveryTimeOutInMilliseconds: 60000
+ # Basic Authorization credentials for Network Discovery Micro Service Rest Service
+ networkDiscoveryUserId: admin
+ networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9530
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+
+server.contextPath=/sdccontextbuilder
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#server.port=9191
+
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+#Application properties
+sdcConnect.username={{ .Values.config.sdcUsername }}
+sdcConnect.password={{ .Values.config.sdcPassword }}
+sdcConnect.consumerID={{ .Values.config.sdcConsumerId }}
+sdcConnect.sdcAddress={{ .Values.config.sdcServiceName }}.{{.Release.Namespace}}:{{ .Values.config.sdcPort }}
+
+# Minimum timeout value is 15 seconds; default is 120000s
+sdcConnect.timeout.seconds=60000
+
+# {0} = UUID
+sdc.url.template=/sdc/v1/catalog/services/{0}/toscaModel
+sdc.artifact.type=TOSCA_CSAR
+
+# Intended name for downloaded temporary CSAR files: csar-[UUID].zip
+# Only .zip and .csar are accepted extensions, default is .zip
+sdc.csar.file.prefix=csar-
+sdc.csar.file.suffix=.zip
+
+# HTTP Basic Authorization credentials for Rest Service API
+http.userId={{ .Values.config.sdcCtxBuilderUserId }}
+http.password={{ .Values.config.sdcCtxBuilderPassword }}
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+
+#test.tosca.csar.file=\\config\\toscaModel.csar.zip
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/pomba-sdc-context-builder:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ #Application properties
+ sdcUsername: pomba
+ sdcPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+ sdcConsumerId: pomba
+ sdcServiceName: sdc-be
+ sdcPort: 8443
+ # HTTP Basic Authorization credentials for Rest Service API
+ sdcCtxBuilderUserId: admin
+ sdcCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9530
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2019 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+*/}}
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+camel.springboot.xmlRoutes = file:config/dynamic/routes/*.route
+service.xml.beans = config/dynamic/conf/*.xml
+
+server.contextPath=/sdnccontextbuilder
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# Basic Authorization credentials for SDNC Context Builder REST Service
+sdncCtxBuilder.userId={{ .Values.config.sdncCtxBuilderUserId }}
+sdncCtxBuilder.password={{ .Values.config.sdncCtxBuilderPassword }}
+
+# AAI REST Client Configuration
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
+aai.authentication={{ .Values.config.aaiAuthentication }}
+aai.trustStorePath={{ .Values.config.aaiTrustStorePath }}
+aai.keyStorePath={{ .Values.config.aaiKeyStorePath }}
+aai.keyStorePassword={{ .Values.config.aaiKeyStorePassword }}
+aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
+aai.readTimeout={{ .Values.config.aaiReadTimeout }}
+
+# HTTP Basic Authorization credentials for AAI Rest Service API
+aai.http.userId={{ .Values.config.aaiHttpUserId }}
+aai.http.password={{ .Values.config.aaiHttpPassword }}
+
+aai.serviceInstanceQuery=/aai/v13/nodes/service-instance/{0}
+
+# SDNC REST Client Configuration
+sdnc.serviceName={{ .Values.config.sdncServiceName }}.{{.Release.Namespace}}
+sdnc.servicePort={{ .Values.config.sdncPort }}
+sdnc.user={{ .Values.config.sdncUsername }}
+sdnc.password={{ .Values.config.sdncPassword }}
+sdnc.httpProtocol={{ .Values.config.sdncHttpProtocol }}
+sdnc.connectionTimeout={{ .Values.config.sdncConnectionTimeout }}
+sdnc.readTimeout={{ .Values.config.sdncReadTimeout }}
+sdnc.genericResourcePath=/restconf/config/GENERIC-RESOURCE-API:services/service/{0}
+sdnc.portMirrorResourcePath=/restconf/config/GENERIC-RESOURCE-API:port-mirror-configurations/port-mirror-configuration/{0}/configuration-data/configuration-operation-information/port-mirror-configuration-request-input
+sdnc.vnfPath=/restconf/config/VNF-API:vnfs/vnf-list/{0}
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/pomba-sdnc-context-builder:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ # AAI Rest Client Connection
+ aaiServiceName: aai
+ aaiPort: 8443
+ aaiUsername: AAI
+ aaiPassword: OBF:1gfr1ev31gg7
+ aaiHttpProtocol: https
+ aaiAuthentication: basic_auth
+ aaiTrustStorePath: n/a
+ aaiKeyStorePath: n/a
+ aaiKeyStorePassword: n/a
+ aaiConnectionTimeout: 5000
+ aaiReadTimeout: 5000
+ # HTTP Basic Authorization credentials for Rest Service API
+ aaiHttpUserId: admin
+ aaiHttpPassword: OBF:1u2a1toa1w8v1tok1u30
+ sdncCtxBuilderUserId: admin
+ sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+
+ # SDNC Rest Client Connection
+ sdncServiceName: sdnc
+ sdncPort: 8282
+ sdncUsername: admin
+ sdncPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+ sdncHttpProtocol: http
+ sdncConnectionTimeout: 5000
+ sdncReadTimeout: 5000
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9530
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ElasticSearch Configuration
+*/}}
+
+es.cluster-name=POMBA_ES
+es.ip-address=pomba-es.{{.Release.Namespace}}
+es.http-port={{.Values.config.elasticsearchHttpPort}}
--- /dev/null
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+
+ <property name="logDir" value="/var/log/onap" />
+
+
+ <!-- specify the component name
+ <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
+ <property name="componentName" value="AAI-SDB"></property>
+
+ <!-- default eelf log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|SearchDataService|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ <property name="auditMetricPattern" value="%m%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- SearchDB loggers -->
+ <logger name="org.openecomp.sa" level="INFO" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - pomba-elasticsearch
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: /opt/app/search-data-service/config/
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: KEY_MANAGER_PASSWORD
+ value: {{ .Values.config.keyManagerPassword }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/search-data-service/config/filter-config.json
+ subPath: filter-config.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/elastic-search.properties
+ subPath: elastic-search.properties
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/analysis-config.json
+ subPath: analysis-config.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/es-payload-translation.json
+ subPath: es-payload-translation.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json
+ subPath: dynamic-custom-template.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ name: {{ include "common.fullname" . }}-service-auth-config
+ - mountPath: /opt/app/search-data-service/config/auth/search_policy.json
+ subPath: search_policy.json
+ name: {{ include "common.fullname" . }}-search-policy-config
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-service-logs
+ - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml
+ name: {{ include "common.fullname" . }}-service-log-conf
+ subPath: logback.xml
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-service-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-service-filebeat
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-service-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-service-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-keystone
+ - name: {{ include "common.fullname" . }}-search-policy-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-policy
+ - name: filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-service-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-service-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-service-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-service-log
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Default values for search-data.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+
+
+# application image
+image: onap/search-data-service:1.3.1
+pullPolicy: Always
+restartPolicy: Always
+
+# application configuration
+config:
+ elasticsearchHttpPort: 9200
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ portName: pomba-search-data
+ internalPort: 9509
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1800Mi
+ requests:
+ cpu: 50m
+ memory: 900Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 3600Mi
+ requests:
+ cpu: 100m
+ memory: 1800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+*/}}
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+
+
+server.contextPath=/service-decomposition
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+basicAuth.username={{ .Values.config.serviceDecompositionUserId }}
+basicAuth.password={{ .Values.config.serviceDecompositionPassword }}
+
+# AAI REST Client Configuration
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
+aai.securityProtocol=TLS
+aai.connectionTimeout=60000
+aai.readTimeout=60000
+aai.resourceList=vnfc,vserver,l3-network,pserver
+aai.serviceInstancePath=/aai/v13/nodes/service-instance/{0}
+aai.urlDepth=2
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/service-decomposition:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ # Service Decomposition REST Client Configuration
+ aaiServiceName: aai
+ aaiPort: 8443
+ aaiUsername: AAI
+ aaiPassword: OBF:1gfr1ev31gg7
+ aaiHttpProtocol: https
+ # Basic Authorization Client credentials for Service Decomposition REST service
+ serviceDecompositionUserId: admin
+ serviceDecompositionPassword: OBF:1u2a1toa1w8v1tok1u30
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9532
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Properties for the SchemaLocationsBean
+# The AAI Schema jar will be unpacked to bundleconfig/etc
+*/}}
+schemaConfig=bundleconfig
+# Files named aai_oxm_v*.xml are unpacked here:
+nodeDir=${APP_HOME}/bundleconfig/etc/oxm
+# Dummy folder/directory:
+edgeDir=${APP_HOME}/bundleconfig/etc/oxm
--- /dev/null
+{{/*
+# ============LICENSE_START===================================================
+# Copyright (c) 2018 Amdocs
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+*/}}
+
+poa-audit-result.name=POA-AUDIT-RESULT
+poa-audit-result.host=message-router:3904
+poa-audit-result.publisher.partition=1
+poa-audit-result.username=
+poa-audit-result.password=OBF:
+poa-audit-result.transport.type=HTTPAUTH
--- /dev/null
+{{/*
+# ============LICENSE_START===================================================
+# Copyright (c) 2018 Amdocs
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+*/}}
+
+poa-rule-validation.name=POA-RULE-VALIDATION
+poa-rule-validation.host=message-router:3904
+poa-rule-validation.username=
+poa-rule-validation.password=OBF:
+poa-rule-validation.consumer.group=poa-validator-test
+poa-rule-validation.consumer.id=test
+poa-rule-validation.transport.type=HTTPAUTH
--- /dev/null
+{{/*
+# ============LICENSE_START===================================================
+# Copyright (c) 2018 Amdocs
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+
+# Note that the start.sh script sets the following System Properties
+# We provide default values here for testing purposes
+*/}}
+APP_HOME=.
+CONFIG_HOME=appconfig
+com.att.eelf.logging.path=src/main/resources
+com.att.eelf.logging.file=logback.xml
+logback.configurationFile=${com.att.eelf.logging.path}/${com.att.eelf.logging.file}
+
+schemaIngestPropLoc=${CONFIG_HOME}/schemaIngest.properties
+
+server.port=9501
+server.ssl.client-auth=want
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+# Work-around for missing Java certificates file "cacerts". This default value should be overridden.
+server.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
+
+server.tomcat.max-threads=200
+# The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# Spring Boot logging
+logging.config=${logback.configurationFile}
+
+consumer.topic.names=poa-rule-validation
+publisher.topic.names=poa-audit-result
+
+topics.properties.location=${CONFIG_HOME}/topics/
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-root-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/*.*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-config-properties
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/appconfig/*.*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-config-topics
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/appconfig/topics/*.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rules
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/bundleconfig/etc/rules/poa-event/*.groovy").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ {{ if .Values.readiness.enabled }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{ end }}
+ env:
+ - name: APP_HOME
+ value: "{{ .Values.config.appDir }}"
+ - name: CONFIG_HOME
+ value: "{{ .Values.config.configDir }}"
+ - name: MAX_HEAP
+ value: "{{ .Values.config.maxHeap }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.config.appDir }}/application.properties
+ name: root-config-app-prop
+ subPath: application.properties
+ - mountPath: {{ .Values.config.configDir }}/
+ name: properties
+ - mountPath: {{ .Values.config.configAuthDir }}/
+ name: config-auth
+ - mountPath: {{ .Values.config.configTopicsDir }}/
+ name: config-topics
+ - mountPath: {{ .Values.config.rulesDir }}/
+ name: rules
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: root-config-app-prop
+ configMap:
+ name: {{ include "common.fullname" . }}-root-config
+ defaultMode: 0644
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-config-properties
+ defaultMode: 0644
+ items:
+ - key: validation-service.properties
+ path: validation-service.properties
+ - key: validation-service-auth.properties
+ path: validation-service-auth.properties
+ - key: rule-indexing.properties
+ path: rule-indexing.properties
+ - key: rule-data-dictionary.properties
+ path: rule-data-dictionary.properties
+ - key: aai-environment.properties
+ path: aai-environment.properties
+ - key: schemaIngest.properties
+ path: schemaIngest.properties
+ - key: auth_policy.json
+ path: auth_policy.json
+ - name: config-auth
+ secret:
+ secretName: {{ include "common.fullname" . }}-config-auth-secret
+ items:
+ - key: tomcat_keystore
+ path: tomcat_keystore
+ - key: client-cert-onap.p12
+ path: client-cert-onap.p12
+ - name: config-topics
+ configMap:
+ name: {{ include "common.fullname" . }}-config-topics
+ defaultMode: 0644
+ items:
+ - key: topic-poa-audit-result.properties
+ path: topic-poa-audit-result.properties
+ - key: topic-poa-rule-validation.properties
+ path: topic-poa-rule-validation.properties
+ - name: rules
+ configMap:
+ name: {{ include "common.fullname" . }}-rules
+ defaultMode: 0644
+ items:
+ - key: default-rules.groovy
+ path: default-rules.groovy
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-config-auth-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ (.Files.Glob "resources/appconfig/auth/*").AsSecrets | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/validation:1.3.1
+#pullPolicy: Always
+pullPolicy: IfNotPresent
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ appDir: /opt/app/validation-service
+ configDir: /opt/app/validation-service/appconfig
+ configAuthDir: /opt/app/validation-service/appconfig/auth
+ configTopicsDir: /opt/app/validation-service/appconfig/topics
+ rulesDir: /opt/app/validation-service/bundleconfig/etc/rules/poa-event
+ maxHeap: 1024
+ dataDictHostPort: http://dummy-host:443
+ dataDictCredentials: cG9tYmE6cG9tYmE=
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ enabled: false
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: validation-service
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9529
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1400Mi
+ requests:
+ cpu: 50m
+ memory: 700Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2800Mi
+ requests:
+ cpu: 100m
+ memory: 1400Mi
+ unlimited: {}
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: pomba-aaictxbuilder
+ version: ~6.x-0
+ repository: 'file://components/pomba-aaictxbuilder'
+ condition: pomba-aaictxbuilder.enabled
+ - name: pomba-contextaggregator
+ version: ~6.x-0
+ repository: 'file://components/pomba-contextaggregator'
+ condition: pomba-contextaggregator.enabled
+ - name: pomba-data-router
+ version: ~6.x-0
+ repository: 'file://components/pomba-data-router'
+ condition: pomba-data-router.enabled
+ - name: pomba-elasticsearch
+ version: ~6.x-0
+ repository: 'file://components/pomba-elasticsearch'
+ condition: pomba-elasticsearch.enabled
+ - name: pomba-kibana
+ version: ~6.x-0
+ repository: 'file://components/pomba-kibana'
+ condition: pomba-kibana.enabled
+ - name: pomba-networkdiscovery
+ version: ~6.x-0
+ repository: 'file://components/pomba-networkdiscovery'
+ condition: pomba-networkdiscovery.enabled
+ - name: pomba-networkdiscoveryctxbuilder
+ version: ~6.x-0
+ repository: 'file://components/pomba-networkdiscoveryctxbuilder'
+ condition: pomba-networkdiscoveryctxbuilder.enabled
+ - name: pomba-sdcctxbuilder
+ version: ~6.x-0
+ repository: 'file://components/pomba-sdcctxbuilder'
+ condition: pomba-sdcctxbuilder.enabled
+ - name: pomba-sdncctxbuilder
+ version: ~6.x-0
+ repository: 'file://components/pomba-sdncctxbuilder'
+ condition: pomba-sdncctxbuilder.enabled
+ - name: pomba-search-data
+ version: ~6.x-0
+ repository: 'file://components/pomba-search-data'
+ condition: pomba-search-data.enabled
+ - name: pomba-servicedecomposition
+ version: ~6.x-0
+ repository: 'file://components/pomba-servicedecomposition'
+ condition: pomba-servicedecomposition.enabled
+ - name: pomba-validation-service
+ version: ~6.x-0
+ repository: 'file://components/pomba-validation-service'
+ condition: pomba-validation-service.enabled
\ No newline at end of file
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- repository: nexus3.onap.org:10001
- dockerhubRepository: docker.io
networkdiscoveryCtxBuilderHost: pomba-networkdiscoveryctxbuilder
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
-
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
-\r
-# docker folder\r
-docker/\r
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# domain settings
#domain_class_location =
--- /dev/null
+{{/*
+# Encrypted Properties
+*/}}
+cipher.enc.key = ${CIPHER_ENC_KEY}
<!-- specify the component name -->\r
<property name="componentName" value="onapportal"></property>\r
\r
+ <!-- specify the application name -->\r
+ <property name="application_name" value="Portal"></property>\r
<!-- specify the base path of the log directory -->\r
<property name="logDirPrefix" value="/var/log/onap"></property>\r
\r
value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
\r
<property name="errorLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
\r
<property name="defaultLoggerPattern"\r
value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
<appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
\r
- <logger name="com.att.eelf.audit" level="info" additivity="false">\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
<appender-ref ref="asyncEELFAudit" />\r
</logger>\r
\r
- <logger name="com.att.eelf.metrics" level="info" additivity="false">\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
<appender-ref ref="asyncEELFMetrics" />\r
</logger>\r
\r
- <logger name="com.att.eelf.error" level="info" additivity="false">\r
+ <logger name="EELFError" level="info" additivity="false">\r
<appender-ref ref="asyncEELFError" />\r
</logger>\r
\r
\r
<root level="INFO">\r
<appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
</root>\r
\r
</configuration>\r
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
music.version = v2
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
authentication_server_url = http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/
ecomp_openid_connect_client = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/openid_connect_login
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# Not used by portal
portal.api.impl.class = org.onap.portalsdk.core.onboarding.client.OnBoardingApiServiceImpl.not.used.by.portal
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
#mysql
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =root
-db.password =Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.hib.dialect = org.hibernate.dialect.MySQLDialect
db.min_pool_size = 5
db.max_pool_size = 10
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-portal-db-config
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.xml`
+ do
+ cp ${PFILE} /config
+ chmod 0755 /config/${PFILE}
+ done
+ cd /config-input && \
+ for PFILE in `ls -1 *.properties`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportal-scrubbed
+ - mountPath: /config
+ name: properties-onapportal
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c"]
{{- if .Values.global.aafEnabled }}
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
subPath: portal.properties
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
subPath: music.properties
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
- name: var-log-onap
mountPath: /var/log/onap
resources:
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- {{- if .Values.affinity }}
+{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /usr/share/filebeat/filebeat.yml
hostPath:
path: /etc/localtime
- name: properties-onapportal
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportal-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
env:
tomcatDir: "/usr/local/tomcat"
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.3
+image: onap/portal-app:3.4.2
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: CASSUSER
- value: "{{ .Values.config.cassandraUsername }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
- name: CASSPASS
- value: "{{ .Values.config.cassandraPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
- name: JVM_OPTS
value: "{{ .Values.config.cassandraJvmOpts }}"
- name: POD_IP
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
# application image
-repository: nexus3.onap.org:10001
image: onap/music/cassandra_music:3.0.0
pullPolicy: Always
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+
# application configuration
config:
cassandraUsername: root
cassandraPassword: Aa123456
+# cassandraCredsExternalSecret: some secret
cassandraJvmOpts: -Xmx2536m -Xms2536m
# default number of instances
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
set -eo pipefail
shopt -s nullglob
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
-done
+# logging functions
+mysql_log() {
+ local type="$1"; shift
+ printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+}
+mysql_note() {
+ mysql_log Note "$@"
+}
+mysql_warn() {
+ mysql_log Warn "$@" >&2
+}
+mysql_error() {
+ mysql_log ERROR "$@" >&2
+ exit 1
+}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
+ mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
if [ "${!var:-}" ]; then
unset "$fileVar"
}
-_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+ # https://unix.stackexchange.com/a/215279
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[1]}" = 'source' ]
+}
+
+# usage: docker_process_init_files [file [file [...]]]
+# ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+ # mysql here for backwards compatibility "${mysql[@]}"
+ mysql=( docker_process_sql )
+
+ echo
+ local f
+ for f; do
+ case "$f" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$f" ]; then
+ mysql_note "$0: running $f"
+ "$f"
+ else
+ mysql_note "$0: sourcing $f"
+ . "$f"
+ fi
+ ;;
+ *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+ *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+ *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+ *) mysql_warn "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+}
+
+mysql_check_config() {
+ local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
- $errors
- EOM
- exit 1
+ mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
-_get_config() {
+mysql_get_config() {
local conf="$1"; shift
"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
# match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
+# Do a temporary startup of the MySQL server, for init purposes
+docker_temp_server_start() {
+ "$@" --skip-networking --socket="${SOCKET}" &
+ mysql_note "Waiting for server startup"
+ local i
+ for i in {30..0}; do
+ # only use the root password if the database has already been initializaed
+ # so that it won't try to fill in a password file when it hasn't been set yet
+ extraArgs=()
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ extraArgs+=( '--dont-use-mysql-root-password' )
+ fi
+ if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then
+ break
+ fi
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ mysql_error "Unable to start server."
+ fi
+}
+
+# Stop the server. When using a local socket file mysqladmin will block until
+# the shutdown is complete.
+docker_temp_server_stop() {
+ if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
+ mysql_error "Unable to shut down server."
+ fi
+}
+
+# Verify that the minimally required password settings are set for new databases.
+docker_verify_minimum_env() {
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ fi
+}
+
+# creates folders for the database
+# also ensures permission for user mysql of run as root
+docker_create_db_directories() {
+ local user; user="$(id -u)"
+
+ # TODO other directories that are used by default? like /var/lib/mysql-files
+ # see https://github.com/docker-library/mysql/issues/562
mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
-fi
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
+ if [ "$user" = "0" ]; then
+ # this will cause less disk access than `chown -R`
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ fi
+}
+
+# initializes the database directory
+docker_init_database_dir() {
+ mysql_note "Initializing database files"
+ installArgs=( --datadir="$DATADIR" --rpm )
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs+=( --auth-root-authentication-method=normal )
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db "${installArgs[@]}" "${@:2}"
+ mysql_note "Database files initialized"
+}
+
+# Loads various settings that are used elsewhere in the script
+# This should be called after mysql_check_config, but before any other functions
+docker_setup_env() {
# Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
+ declare -g DATADIR SOCKET
+ DATADIR="$(mysql_get_config 'datadir' "$@")"
+ SOCKET="$(mysql_get_config 'socket' "$@")"
- mkdir -p "$DATADIR"
+ # Initialize values that might be stored in a file
+ file_env 'MYSQL_ROOT_HOST' '%'
+ file_env 'MYSQL_DATABASE'
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ file_env 'MYSQL_ROOT_PASSWORD'
+ file_env 'PORTAL_DB_TABLES'
- echo 'Initializing database'
- installArgs=( --datadir="$DATADIR" --rpm )
- if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
- # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
- # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
- # (this flag doesn't exist in 10.0 and below)
- installArgs+=( --auth-root-authentication-method=normal )
- fi
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db "${installArgs[@]}" "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {60..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
+ declare -g DATABASE_ALREADY_EXISTS
+ if [ -d "$DATADIR/mysql" ]; then
+ DATABASE_ALREADY_EXISTS='true'
+ fi
+}
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
+# Execute sql script, passed via stdin
+# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
+# ie: docker_process_sql --database=mydb <<<'INSERT ...'
+# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
+docker_process_sql() {
+ passfileArgs=()
+ if [ '--dont-use-mysql-root-password' = "$1" ]; then
+ passfileArgs+=( "$1" )
+ shift
+ fi
+ # args sent in can override this db, since they will be later in the command
+ if [ -n "$MYSQL_DATABASE" ]; then
+ set -- --database="$MYSQL_DATABASE" "$@"
+ fi
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
+ mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+}
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
+# Initializes database with timezone info and root password, plus optional extra db/user
+docker_setup_db() {
+ # Load timezone info into database
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ {
+ # Aria in 10.4+ is slow due to "transactional" (crash safety)
+ # https://jira.mariadb.org/browse/MDEV-23326
+ # https://github.com/docker-library/mariadb/issues/262
+ local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
+ done
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo \
+ | sed 's/Local time zone must be set--see zic manual page/FCTY/'
+
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
+ done
+ } | docker_process_sql --dont-use-mysql-root-password --database=mysql
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+ fi
+ # Generate random root password
+ if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+ # Sets root password and creates root users for non-localhost hosts
+ local rootCreate=
+ # default root to listen for connections from anywhere
+ if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
EOSQL
+ fi
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
+ docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+ -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ FLUSH PRIVILEGES ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ EOSQL
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
+ # Creates a custom database and user if specified
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Creating database ${MYSQL_DATABASE}"
+ docker_process_sql --database=mysql <<<"CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;"
+ fi
+
+ if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
+ mysql_note "Creating user ${MYSQL_USER}"
+ docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;"
+
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
+ docker_process_sql --database=mysql <<<"GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;"
fi
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
+ docker_process_sql --database=mysql <<<"FLUSH PRIVILEGES ;"
+ fi
+}
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
+_mysql_passfile() {
+ # echo the password to the "file" the client uses
+ # the client command will use process substitution to create a file on the fly
+ # ie: --defaults-extra-file=<( _mysql_passfile )
+ if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+ cat <<-EOF
+ [client]
+ password="${MYSQL_ROOT_PASSWORD}"
+ EOF
+ fi
+}
+
+# check arguments for an option that would cause mysqld to stop
+# return true if there is one
+_mysql_want_help() {
+ local arg
+ for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ return 0
+ ;;
+ esac
+ done
+ return 1
+}
+
+_main() {
+ # if command starts with an option, prepend mysqld
+ if [ "${1:0:1}" = '-' ]; then
+ set -- mysqld "$@"
+ fi
+
+ # skip setup if they aren't running mysqld or want an option that stops mysqld
+ if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+ mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
+
+ mysql_check_config "$@"
+ # Load various environment variables
+ docker_setup_env "$@"
+ docker_create_db_directories
+
+ # If container is started as root user, restart as dedicated mysql user
+ if [ "$(id -u)" = "0" ]; then
+ mysql_note "Switching to dedicated user 'mysql'"
+ exec gosu mysql "$BASH_SOURCE" "$@"
fi
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
+ # there's no database, so it needs to be initialized
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ docker_verify_minimum_env
+
+ # check dir permissions to reduce likelihood of half-initialized database
+ ls /docker-entrypoint-initdb.d/ > /dev/null
+
+ docker_init_database_dir "$@"
+
+ mysql_note "Starting temporary server"
+ docker_temp_server_start "$@"
+ mysql_note "Temporary server started."
+
+ docker_setup_db
+ docker_process_init_files /docker-entrypoint-initdb.d/*
+
+ for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+ do
+ echo "Granting portal user ALL PRIVILEGES for table $i"
+ echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+
+ mysql_note "Stopping temporary server"
+ docker_temp_server_stop
+ mysql_note "Temporary server stopped"
+
+ echo
+ mysql_note "MySQL init process done. Ready for start up."
+ echo
+ fi
fi
-fi
+ exec "$@"
+}
-exec "$@"
\ No newline at end of file
+# If we are sourced from elsewhere, don't perform any further actions
+if ! _is_sourced; then
+ _main "$@"
+fi
*/
-- app_url is the FE, app_rest_endpoint is the BE
--portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
--sdc-be => 8443:30204
-- aai sparky
update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
-
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+-- Disabled AAIUI APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'A&AI UI';
/*
Replace spaces with underscores for role names to match AAF role names
*/
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: volume-permissions
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ command: ['sh', '-c', 'chmod -R 777 /var/lib/mysql']
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: mariadb-data
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
secretKeyRef:
name: {{ template "common.fullname" . }}
key: db-root-password
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: backend-db-user
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}
+ key: backend-db-password
+ - name: PORTAL_DB_TABLES
+ value: {{ .Values.config.backend_portal_tables }}
volumeMounts:
- mountPath: /var/lib/mysql
name: mariadb-data
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: batch/v1
kind: Job
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.name" . }}
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}-job
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- name: SQL_SRC_DIR
value: {{ .Values.config.sqlSourceDirectory }}
- name: {{ include "common.name" . }}-oom-update-job
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.mariadbInitImage }}"
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
value: "{{ .Values.service.internalPort }}"
- name: DB_PASS
valueFrom:
- secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+ secretKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: db-root-password
command:
- /bin/sh
- -x
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
type: Opaque
data:
db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+stringData:
+ backend-db-user: {{ .Values.config.backendDbUser }}
+ backend-db-password: {{ .Values.config.backendDbPassword }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
global: # global defaults
nodePortPrefix: 302
persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
# application image
-repository: nexus3.onap.org:10001
-image: onap/portal-db:3.2.3
+image: onap/portal-db:3.4.1
pullPolicy: Always
-
-
-mariadbInitImage: "mariadb-client-init:3.0.0"
+mariadbInitImage: oomk8s/mariadb-client-init:3.0.0
# application configuration
config:
mariadbUser: root
mariadbRootPassword: Aa123456
+ backendDbUser: portal
+ backendDbPassword: portal
+ #backend_portal_tables is a comma delimited string listing back-end tables
+ #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
+ backend_portal_tables: portal,ecomp_sdk
#The directory where sql files are found in the projects gerrit repo.
sqlSourceDirectory: portal/deliveries
# sdc frontend assignment for port 9443
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# login settings
login_method_backdoor = backdoor
--- /dev/null
+{{/*
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+*/}}
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
<!--<jmxConfigurator /> -->\r
<!-- specify the component name -->\r
<property name="componentName" value="onapsdk"></property>\r
+ <!-- specify the application name -->\r
+ <property name="application_name" value="PortalSDK"></property>\r
<!-- specify the base path of the log directory -->\r
<property name="logDirPrefix" value="/var/log/onap"></property>\r
<!-- The directories where logs are written -->\r
<!-- 1610 Logging Fields Format Revisions -->\r
<property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
<property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+ <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
<property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
<!-- use %class so library logging calls yield their class name -->\r
<property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
<logger name="org.onap.eelf" level="info" additivity="false">\r
<appender-ref ref="asyncEELF" />\r
</logger>\r
- <logger name="org.onap.eelf.audit" level="info" additivity="false">\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
<appender-ref ref="asyncEELFAudit" />\r
</logger>\r
<logger name="org.onap.eelf.debug" level="debug" additivity="false">\r
<appender-ref ref="asyncEELFDebug" />\r
</logger>\r
- <logger name="org.onap.eelf.error" level="info" additivity="false">\r
+ <logger name="EELFError" level="info" additivity="false">\r
<appender-ref ref="asyncEELFError" />\r
</logger>\r
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
<appender-ref ref="asyncEELFMetrics" />\r
</logger>\r
<root level="DEBUG">\r
<appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
</root>\r
</configuration>\r
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
music.version = v2
#By default it's eventual
music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# Properties read by ECOMP Framework library, ecompFW.jar
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# Properties read by ECOMP Core library, ecompSDK-core.jar
db.driver = org.mariadb.jdbc.Driver
db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
db.min_pool_size = 5
db.max_pool_size = 10
hb.dialect = org.hibernate.dialect.MySQLDialect
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = demo123456!
ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018,2020 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "portal-db"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portalsdk-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.xml`
+ do
+ cp ${PFILE} /config
+ chmod 0755 /config/${PFILE}
+ done
+ cd /config-input && \
+ for PFILE in `ls -1 *.properties`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: CASSA_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+ - name: CASSA_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+ - name: CIPHER_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapportalsdk-scrubbed
+ - mountPath: /config
+ name: properties-onapportalsdk
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c"]
{{- if .Values.global.aafEnabled }}
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
subPath: portal.properties
+ - name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+ subPath: key.properties
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
subPath: music.properties
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /usr/share/filebeat/filebeat.yml
hostPath:
path: /etc/localtime
- name: properties-onapportalsdk
+ emptyDir:
+ medium: Memory
+ - name: properties-onapportalsdk-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapportalsdk
defaultMode: 0755
+{{/*
# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
env:
tomcatDir: "/usr/local/tomcat"
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
persistence: {}
#AAF service
aafEnabled: true
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-cass
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+ login: '{{ .Values.cassandra.config.cassandraUsername }}'
+ password: '{{ .Values.cassandra.config.cassandraPassword }}'
+ passwordPolicy: required
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: cipher-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+ password: '{{ .Values.config.cipherEncKey }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/portal-sdk:3.2.0
+image: onap/portal-sdk:3.4.2
pullPolicy: Always
+# application configuration
+config:
+ # cipherEncKeyExternalSecret: some secret
+ cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
#AAF local config
aafURL: https://aaf-service:8100/authz/
certInitializer:
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
widget:
service:
name: portal-widget
service:
name: portal-cassandra
config:
+ # cassandraExternalSecret: some secret
cassandraUsername: root
cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
messageRouter:
service:
name: message-router
- name: common
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\r
## App DB Properties\r
spring.datasource.url=jdbc:mysql://portal-db:3306/portal\r
-spring.datasource.username=root\r
-spring.datasource.password=Aa123456\r
+spring.datasource.username=${PORTAL_DB_USER}\r
+spring.datasource.password=${PORTAL_DB_PASSWORD}\r
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect\r
spring.database.driver.classname=org.mariadb.jdbc.Driver\r
spring.jpa.show-sql=false\r
spring.jpa.properties.hibernate.format_sql=false\r
\r
## Basic Authentication Properties\r
-security.user.name=widget_user\r
-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)\r
+security.user.name=${WIDGET_USER}\r
+security.user.password=${WIDGET_PASSWORD}\r
\r
initialization.default.widgets=true\r
initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets\r
\r
## Account Basic Authentication Properties\r
-account.user.name=portal\r
-account.user.password=6APqvG4AU2rfLgCvMdySwQ==\r
+account.user.name=${ACC_USER}\r
+account.user.password=${ACC_PASSWORD}\r
\r
## Certificate Properties\r
#server.ssl.key-store=classpath:widget-keystore.p12\r
#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)\r
#server.ssl.keyStoreType=PKCS12\r
#server.ssl.keyAlias=widget-microservice\r
-\r
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
jasypt:
encryptor:
- password: EncryptionKey
+ password: ${JASYPT_ENC_KEY}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "portal-db"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-widget-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.*`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ - name: WIDGET_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+ - name: WIDGET_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+ - name: ACC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+ - name: ACC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+ - name: JASYPT_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapwidgetms-scrubbed
+ - mountPath: /config
+ name: properties-onapwidgetms
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /start-wms.sh
hostPath:
path: /etc/localtime
- name: properties-onapwidgetms
+ emptyDir:
+ medium: Memory
+ - name: properties-onapwidgetms-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapwidgetms
defaultMode: 0755
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuInit: ubuntu-init:1.0.0
+
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: portal-widget
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}'
+ login: '{{ .Values.config.widgetUsername }}'
+ password: '{{ .Values.config.widgetPassword }}'
+ passwordPolicy: required
+ - uid: portal-account
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}'
+ login: '{{ .Values.config.accountUsername }}'
+ password: '{{ .Values.config.accountPassword }}'
+ passwordPolicy: required
+ - uid: jasypt-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}'
+ password: '{{ .Values.config.jasyptEncKey }}'
+ passwordPolicy: required
+
+config:
+ widgetUsername: widget_user
+ widgetPassword: widget_pass
+# widgetCredsExternalSecret: some secret
+ accountUsername: portal
+ accountPassword: portal
+# accountCredsExternalSecret: some secret
+ jasyptEncKey: EncryptionKey
+ # jasyptEncKeyExternalSecret: some secret
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/portal-wms:3.2.3
+image: onap/portal-wms:3.4.2
pullPolicy: Always
# flag to enable debugging - application support required
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
service:
type: ClusterIP
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Zookeeper for ONAP Portal
-name: portal-zookeeper
-version: 6.0.0
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
- nodePortPrefix: 302
- persistence: {}
-
-
-# application image
-repository: nexus3.onap.org:10001
-image: zookeeper:3.4
-pullPolicy: Always
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: portal-zookeeper
- portName: portal-zk
- externalPort: 2181
- internalPort: 2181
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 100m
- memory: 200Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 600Mi
- unlimited: {}
- name: portal-widget
version: ~6.x-0
repository: 'file://components/portal-widget'
- - name: portal-zookeeper
- version: ~6.x-0
- repository: 'file://components/portal-zookeeper'
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: portal-cass
+ name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cassandraUsername }}'
+ password: '{{ .Values.config.cassandraPassword }}'
+ - uid: portal-backend-db
+ name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+
config:
logstashServiceName: log-ls
logstashPort: 5044
+ cassandraUsername: root
+ cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
portal-mariadb:
nameOverride: portal-db
mariadb:
service:
name: portal-db
+ config:
+# backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
+
widget:
service:
name: portal-widget
service:
name: portal-cassandra
config:
- cassandraUsername: root
- cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
+ cassandraExternalSecret: *dbSecretName
+portal-app:
+ mariadb:
+ config:
+ backendDbExternalSecret: *backendDbSecretName
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
+portal-sdk:
+ mariadb:
+ config:
+ backendDbExternalSecret: *backendDbSecretName
+ cassandra:
+ config:
+ cassandraExternalSecret: *dbSecretName
messageRouter:
service:
name: message-router
ingress:
- enabled: false
\ No newline at end of file
+ enabled: false
+++ /dev/null
-# Eclipse
-.classpath
-.factorypath
-.project
-.pydevproject
-.settings/
-
-# IntelliJ
-.idea/*
-*.iml
-
-# Mac OS
-*DS_Store*
-
-/target
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: healthy
- version: 1.0.0
- name: healthy
-spec:
- selector:
- matchLabels:
- app: healthy
- version: 1.0.0
- template:
- metadata:
- labels:
- app: healthy
- version: 1.0.0
- name: healthy
- spec:
- containers:
- - args:
- - --container-name
- - hbase
- command:
- - /root/ready.py
- image: oomk8s/readiness-check:2.0.0
- imagePullPolicy: Always
- name: healthy
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
+++ /dev/null
-<!--
-
- ============LICENSE_START=======================================================
- org.onap.aai
- ================================================================================
- Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
--->
-<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.onap.oparent</groupId>
- <artifactId>oparent</artifactId>
- <version>2.0.0</version>
- </parent>
-
- <groupId>org.onap.oom.readiness.check</groupId>
- <artifactId>readiness-check-docker</artifactId>
- <version>2.2.1-SNAPSHOT</version>
- <packaging>pom</packaging>
- <name>oom-readiness-check-image</name>
- <description>Contains dockerfiles and scrtipts for readiness-ckeck image.</description>
-
- <properties>
- <docker.fabric.version>0.31.0</docker.fabric.version>
- <oom.docker.namespace>onap</oom.docker.namespace>
- </properties>
-
- <build>
- <plugins>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <version>${docker.fabric.version}</version>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <images>
- <image>
- <name>${docker.push.registry}/${oom.docker.namespace}/readiness-check:%l</name>
- <build>
- <filter>@</filter>
- <assembly>
- <mode>dir</mode>
- <inline xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
- <fileSets>
- <fileSet>
- <directory>${project.basedir}/src/main/scripts</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- </fileSets>
- </inline>
- </assembly>
- <tags>
- <tag>latest</tag>
- <tag>latest-${project.version}</tag>
- </tags>
- <cleanup>try</cleanup>
- <dockerFileDir>${project.basedir}/src/main/docker</dockerFileDir>
- </build>
- </image>
- </images>
- </configuration>
- <executions>
- <execution>
- <id>clean-images</id>
- <phase>pre-clean</phase>
- <goals>
- <goal>remove</goal>
- </goals>
- <configuration>
- <removeAll>true</removeAll>
- </configuration>
- </execution>
- <execution>
- <id>generate-images</id>
- <phase>package</phase>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- <execution>
- <id>push-images</id>
- <phase>deploy</phase>
- <goals>
- <goal>push</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
\ No newline at end of file
+++ /dev/null
-FROM python:3-alpine3.9
-
-ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
-# Setup Corporate proxy
-ENV https_proxy ${HTTPS_PROXY}
-ENV http_proxy ${HTTP_PROXY}
-
-RUN pip install requests pyyaml kubernetes
-
-ENV CERT="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-ENV TOKEN="/var/run/secrets/kubernetes.io/serviceaccount/token"
-
-COPY maven/ /root/
-RUN chmod -R a+x /root/
-
-ENTRYPOINT ["/root/ready.py"]
-CMD [""]
\ No newline at end of file
+++ /dev/null
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
- token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
- complete = False
- log.info("Checking if " + job_name + " is complete")
- response = ""
- try:
- response = batchV1Api.read_namespaced_job_status(job_name, namespace)
- if response.status.succeeded == 1:
- job_status_type = response.status.conditions[0].type
- if job_status_type == "Complete":
- complete = True
- else:
- log.info(job_name + " is not complete")
- else:
- log.info(job_name + " has not succeeded yet")
- return complete
- except Exception as e:
- log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container job complete check utility"
-USAGE = "Usage: job_complete.py [-t <timeout>] -j <job_name> " \
- "[-j <job_name> ...]\n" \
- "where\n" \
- "<timeout> - wait for container job complete timeout in min, " \
- "default is " + str(DEF_TIMEOUT) + "\n" \
- "<job_name> - name of the job to wait for\n"
-
-
-def main(argv):
- # args are a list of job names
- job_names = []
- timeout = DEF_TIMEOUT
- try:
- opts, args = getopt.getopt(argv, "hj:t:", ["job-name=",
- "timeout=",
- "help"])
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print("%s\n\n%s" % (DESCRIPTION, USAGE))
- sys.exit()
- elif opt in ("-j", "--job-name"):
- job_names.append(arg)
- elif opt in ("-t", "--timeout"):
- timeout = float(arg)
- except (getopt.GetoptError, ValueError) as e:
- print("Error parsing input parameters: %s\n" % e)
- print(USAGE)
- sys.exit(2)
- if job_names.__len__() == 0:
- print("Missing required input parameter(s)\n")
- print(USAGE)
- sys.exit(2)
-
- for job_name in job_names:
- timeout = time.time() + timeout * 60
- while True:
- complete = is_job_complete(job_name)
- if complete is True:
- break
- elif time.time() > timeout:
- log.warning("timed out waiting for '" + job_name +
- "' to be completed")
- exit(1)
- else:
- # spread in time potentially parallel execution in multiple
- # containers
- time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
- main(sys.argv[1:])
+++ /dev/null
-#!/usr/bin/env python
-import getopt
-import logging
-import os
-import sys
-import time
-import random
-
-from kubernetes import client
-
-# extract env variables.
-namespace = os.environ['NAMESPACE']
-cert = os.environ['CERT']
-host = os.environ['KUBERNETES_SERVICE_HOST']
-token_path = os.environ['TOKEN']
-
-with open(token_path, 'r') as token_file:
- token = token_file.read().replace('\n', '')
-
-# setup logging
-log = logging.getLogger(__name__)
-handler = logging.StreamHandler(sys.stdout)
-formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
-handler.setFormatter(formatter)
-handler.setLevel(logging.INFO)
-log.addHandler(handler)
-log.setLevel(logging.INFO)
-
-configuration = client.Configuration()
-configuration.host = "https://" + host
-configuration.ssl_ca_cert = cert
-configuration.api_key['authorization'] = token
-configuration.api_key_prefix['authorization'] = 'Bearer'
-coreV1Api = client.CoreV1Api(client.ApiClient(configuration))
-api_instance = client.ExtensionsV1beta1Api(client.ApiClient(configuration))
-api = client.AppsV1beta1Api(client.ApiClient(configuration))
-batchV1Api = client.BatchV1Api(client.ApiClient(configuration))
-
-
-def is_job_complete(job_name):
- complete = False
- log.info("Checking if " + job_name + " is complete")
- try:
- response = batchV1Api.read_namespaced_job_status(job_name, namespace)
- if response.status.succeeded == 1:
- job_status_type = response.status.conditions[0].type
- if job_status_type == "Complete":
- complete = True
- log.info(job_name + " is complete")
- else:
- log.info(job_name + " is not complete")
- else:
- log.info(job_name + " has not succeeded yet")
- return complete
- except Exception as e:
- log.error("Exception when calling read_namespaced_job_status: %s\n" % e)
-
-
-def wait_for_statefulset_complete(statefulset_name):
- try:
- response = api.read_namespaced_stateful_set(statefulset_name, namespace)
- s = response.status
- if (s.replicas == response.spec.replicas and
- s.ready_replicas == response.spec.replicas and
- s.observed_generation == response.metadata.generation):
- log.info("Statefulset " + statefulset_name + " is ready")
- return True
- else:
- log.info("Statefulset " + statefulset_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for Statefulset status: %s\n" % e)
-
-
-def wait_for_deployment_complete(deployment_name):
- try:
- response = api.read_namespaced_deployment(deployment_name, namespace)
- s = response.status
- if (s.unavailable_replicas is None and
- ( s.updated_replicas is None or s.updated_replicas == response.spec.replicas ) and
- s.replicas == response.spec.replicas and
- s.ready_replicas == response.spec.replicas and
- s.observed_generation == response.metadata.generation):
- log.info("Deployment " + deployment_name + " is ready")
- return True
- else:
- log.info("Deployment " + deployment_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for deployment status: %s\n" % e)
-
-
-def wait_for_daemonset_complete(daemonset_name):
- try:
- response = api_instance.read_namespaced_daemon_set(daemonset_name, namespace)
- s = response.status
- if s.desired_number_scheduled == s.number_ready:
- log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is ready")
- return True
- else:
- log.info("DaemonSet: " + str(s.number_ready) + "/" + str(s.desired_number_scheduled) + " nodes ready --> " + daemonset_name + " is not ready")
- return False
- except Exception as e:
- log.error("Exception when waiting for DaemonSet status: %s\n" % e)
-
-
-def is_ready(container_name):
- ready = False
- log.info("Checking if " + container_name + " is ready")
- try:
- response = coreV1Api.list_namespaced_pod(namespace=namespace,
- watch=False)
- for i in response.items:
- # container_statuses can be None, which is non-iterable.
- if i.status.container_statuses is None:
- continue
- for s in i.status.container_statuses:
- if s.name == container_name:
- name = read_name(i)
- if i.metadata.owner_references[0].kind == "StatefulSet":
- ready = wait_for_statefulset_complete(name)
- elif i.metadata.owner_references[0].kind == "ReplicaSet":
- deployment_name = get_deployment_name(name)
- ready = wait_for_deployment_complete(deployment_name)
- elif i.metadata.owner_references[0].kind == "Job":
- ready = is_job_complete(name)
- elif i.metadata.owner_references[0].kind == "DaemonSet":
- ready = wait_for_daemonset_complete(i.metadata.owner_references[0].name)
-
- return ready
-
- else:
- continue
- return ready
- except Exception as e:
- log.error("Exception when calling list_namespaced_pod: %s\n" % e)
-
-
-def read_name(item):
- return item.metadata.owner_references[0].name
-
-
-def get_deployment_name(replicaset):
- api_response = api_instance.read_namespaced_replica_set_status(replicaset,
- namespace)
- deployment_name = read_name(api_response)
- return deployment_name
-
-
-DEF_TIMEOUT = 10
-DESCRIPTION = "Kubernetes container readiness check utility"
-USAGE = "Usage: ready.py [-t <timeout>] -c <container_name> " \
- "[-c <container_name> ...]\n" \
- "where\n" \
- "<timeout> - wait for container readiness timeout in min, " \
- "default is " + str(DEF_TIMEOUT) + "\n" \
- "<container_name> - name of the container to wait for\n"
-
-
-def main(argv):
- # args are a list of container names
- container_names = []
- timeout = DEF_TIMEOUT
- try:
- opts, args = getopt.getopt(argv, "hc:t:", ["container-name=",
- "timeout=",
- "help"])
- for opt, arg in opts:
- if opt in ("-h", "--help"):
- print("%s\n\n%s" % (DESCRIPTION, USAGE))
- sys.exit()
- elif opt in ("-c", "--container-name"):
- container_names.append(arg)
- elif opt in ("-t", "--timeout"):
- timeout = float(arg)
- except (getopt.GetoptError, ValueError) as e:
- print("Error parsing input parameters: %s\n" % e)
- print(USAGE)
- sys.exit(2)
- if container_names.__len__() == 0:
- print("Missing required input parameter(s)\n")
- print(USAGE)
- sys.exit(2)
-
- for container_name in container_names:
- timeout = time.time() + timeout * 60
- while True:
- ready = is_ready(container_name)
- if ready is True:
- break
- elif time.time() > timeout:
- log.warning("timed out waiting for '" + container_name +
- "' to be ready")
- exit(1)
- else:
- # spread in time potentially parallel execution in multiple
- # containers
- time.sleep(random.randint(5, 11))
-
-
-if __name__ == "__main__":
- main(sys.argv[1:])
-
-Subproject commit ad58ed92bd7c5cc7d51c09b405a99fd360ff5268
+Subproject commit 37ac984e35503182f7fc1b771cefa16bf0c84203
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-onboarding-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /sdc2/rest/healthCheck
- port: {{ .Values.liveness.port }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: cassandra_ssl_enabled
- value: {{ .Values.config.cassandraSslEnabled | quote }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-backend
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "common.name" . }}-job
- helm.sh/chart: {{ include "common.chart" . }}
- app.kubernetes.io/instance: {{ include "common.release" . }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /home/sdc/chef-solo/environments/
- - name: sdc-logs
- mountPath: /var/lib/jetty/logs
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.7
-backendInitImage: onap/sdc-backend-init:1.6.7
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: "-Xmx1536m -Xms1536m"
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- port: api
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 5
-
-service:
- type: NodePort
- name: sdc-be
- both_tls_and_plain: true
- msb:
- - port: 8080
- url: "/sdc/v1"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- serviceName: sdc
- - port: 8080
- url: "/sdc/v1"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- serviceName: sdc-deprecated
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: '04'
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdc.api.be"
- name: "sdc-be"
- port: 8443
- config:
- ssl: "redirect"
-
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-cassandra
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- {{- if .Values.global.cassandra.localCluster }}
- - sdc-cs
- {{- else }}
- - cassandra
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /home/sdc/chef-solo/environments/
- - name: {{ include "common.fullname" . }}-chef-cache
- mountPath: /home/sdc/chef-solo/cache
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: RELEASE
- value: {{ .Values.config.release }}
- - name: SDC_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
- - name: SDC_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- - name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: {{ include "common.fullname" . }}-chef-cache
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.7
-cassandraInitImage: onap/sdc-cassandra-init:1.6.7
-
-pullPolicy: Always
-
-config:
- release: latest
- maxHeapSize: "1536M"
- heapNewSize: "512M"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-cs
- portName: sdc-cs
- externalPort: 9042
- internalPort: 9042
-
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: /sdc/sdc-cs/CS
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE Backend client of TOSCALAB and SDC
-name: sdc-dcae-be
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-be"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-be/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-be-config-backend
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcae/conf/composition
- port: {{ .Values.service.internalPort2 }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-tools
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.name" . }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /var/lib/jetty/chef-solo/environments
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-dcae-be",
- "version": "v1",
- "url": "/dcae",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.4
-pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.4
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 240
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 240
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-dcae-be
- portName: sdc-dcae-be-8082
- externalPort: 8082
- internalPort: 8082
- portName2: sdc-dcae-be-8444
- externalPort2: 8444
- internalPort2: 8444
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdc.dcae.plugin"
- name: "sdc-dcae-be"
- port: 8282
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP DCAE desiner composition tool for creating customized templates
-name: sdc-dcae-dt
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-dt"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-dt/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-dcae-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-dcae-be-tools
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcae/healthCheckOld
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-dcae-dt",
- "version": "v1",
- "url": "/dcae",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange": "0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.4
-pullPolicy: IfNotPresent
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdc-dcae-dt
- portName: dcae-dt
- nodePort: "66"
- internalPort: 9446
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaedt"
- name: "sdc-dcae-dt"
- port: 9446
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2013 Amdocs, AT&T,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP SDC DCAE UI for service monitoring and MC create and configure
-name: sdc-dcae-fe
-version: 6.0.0
+++ /dev/null
-<?xml version="1.0" encoding="utf-8"?>\r
-<!--\r
-================================================================================\r
-Copyright (C) 2018 AT&T Intellectual Property\r
-================================================================================\r
-Licensed under the Apache License, Version 2.0 (the "License");\r
-you may not use this file except in compliance with the License.\r
-You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
-Unless required by applicable law or agreed to in writing, software\r
-distributed under the License is distributed on an "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-See the License for the specific language governing permissions and\r
-limitations under the License.\r
-================================================================================\r
--->\r
-<configuration scan="true" scanPeriod="3 seconds">\r
- <property name="logDir" value="/var/log/onap" />\r
- <property name="componentName" scope="system" value="sdc"></property>\r
- <property name="subComponentName" scope="system" value="dcae-fe"></property>\r
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
- <property file="${config.home}/dcae-fe/configuration.yaml" />\r
- <property name="enable-all-log" scope="context" value="false" />\r
- <!-- log file names -->\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <property name="transactionLogName" value="transaction" />\r
- <property name="allLogName" value="all" />\r
- <property name="queueSize" value="256" />\r
- <property name="maxFileSize" value="50MB" />\r
- <property name="maxHistory" value="30" />\r
- <property name="totalSizeCap" value="10GB" />\r
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
- <!-- All log -->\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
- <file>${logDirectory}/${allLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
- <appender-ref ref="ALL_ROLLING" />\r
- </appender>\r
- </then>\r
- </if>\r
- <!-- Error log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <!-- Audit messages filter - deny audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- Transaction messages filter - deny Transaction messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
- <level>INFO</level>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Debug log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
- <file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied\r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are\r
- some DEBUG level messages among them -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>NEUTRAL</onMismatch>\r
- <onMatch>DENY</onMatch>\r
- </filter>\r
- <!-- accept DEBUG and TRACE level -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
- <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
- </evaluator>\r
- <OnMismatch>DENY</OnMismatch>\r
- <OnMatch>NEUTRAL</OnMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Audit log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <!-- Audit messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>AUDIT_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- SdncTransaction log -->\r
- <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
- <file>${logDirectory}/${transactionLogName}.log</file>\r
- <!-- Transaction messages filter - accept audit messages -->\r
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
- <marker>TRANSACTION_MARKER</marker>\r
- </evaluator>\r
- <onMismatch>DENY</onMismatch>\r
- <onMatch>ACCEPT</onMatch>\r
- </filter>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
- <maxFileSize>${maxFileSize}</maxFileSize>\r
- </timeBasedFileNamingAndTriggeringPolicy>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${pattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- Asynchronicity Configurations -->\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="DEBUG_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="TRANSACTION_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="ERROR_ROLLING" />\r
- </appender>\r
- <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
- <queueSize>${queueSize}</queueSize>\r
- <appender-ref ref="AUDIT_ROLLING" />\r
- </appender>\r
- <root level="INFO">\r
- <appender-ref ref="ASYNC_ERROR" />\r
- <appender-ref ref="ASYNC_DEBUG" />\r
- <appender-ref ref="ASYNC_AUDIT" />\r
- <appender-ref ref="ASYNC_TRANSACTION" />\r
- <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
- <then>\r
- <appender-ref ref="ALL_ROLLING" />\r
- </then>\r
- </if>\r
- </root>\r
- <logger level="INFO" name="org.openecomp.sdc" />\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-dcae-be
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-dcae-be-tools
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /dcaed/healthCheck
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/lib/jetty/logs
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "dcae-gui",
- "version": "v1",
- "url": "/dcae",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange": "0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.4
-pullPolicy: Always
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: sdc-dcae-fe
- portName: dcae-fe
- nodePort: "64"
- internalPort: 9444
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dcaedt"
- name: "sdc-dcae-fe"
- port: 9444
- config:
- ssl: "redirect"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Tosca model for component monitoring and descriptors deployment
-name: sdc-dcae-tosca-lab
-version: 6.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-dcae-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: /healthcheck
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "dcae-be",
- "version": "v1",
- "url": "/dcae",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: -XX:MaxPermSize=256m -Xmx1024m
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-dcae-tosca-lab
- portName: sdc-dcae-tosca-lab-8085
- externalPort: 8085
- internalPort: 8085
- portName2: sdc-dcae-tosca-lab-8445
- externalPort2: 8445
- internalPort2: 8445
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-pluginsList:
- - pluginId: DCAED
- pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.dcae_source_url }}"
- pluginStateUrl: "dcaed"
- pluginDisplayOptions:
- context:
- displayName: "Monitoring"
- displayContext: ["SERVICE"]
- displayRoles: ["DESIGNER"]
- - pluginId: DCAE-DS
- pluginDiscoveryUrl: "{{ .Values.config.plugins.dcae_dt_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.dcae_dt_source_url }}"
- pluginStateUrl: "dcae-ds"
- pluginDisplayOptions:
- tab:
- displayName: "DCAE-DS"
- displayRoles: ["DESIGNER"]
- - pluginId: WORKFLOW
- pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
- pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
- pluginStateUrl: "workflowDesigner"
- pluginDisplayOptions:
- tab:
- displayName: "WORKFLOW"
- displayRoles: ["DESIGNER", "TESTER"]
-
-connectionTimeout: 1000
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-plugins-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-be-config-backend
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-configs
- mountPath: /var/lib/jetty/config/catalog-fe/plugins-configuration.yaml
- subPath: plugins-configuration.yaml
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-configs
- configMap:
- name : {{ include "common.fullname" . }}-plugins-configmap
- defaultMode: 0777
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-gui",
- "version": "v1",
- "url": "/sdc1",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{ if not .Values.global.security.disableHttp }}
- # setting http port only if enabled
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{ end }}
- {{ end }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.7
-pullPolicy: Always
-
-config:
- javaOptions: "-Xmx256m -Xms256m"
- plugins:
- dcae_discovery_url: "https://sdc-dcae-fe:9444/dcaed/#/home"
- dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home"
- dcae_dt_discovery_url: "https://sdc-dcae-dt:9446/dcae/#/dcae/home"
- dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home"
- workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
- workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 60
- timeoutSeconds: 15
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 60
- timeoutSeconds: 15
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: sdc-fe
- portName: sdc-fe
- nodePort: "06"
- internalPort: 8181
- externalPort: 8181
- nodePort2: "07"
- internalPort2: 9443
- externalPort2: 9443
-
-
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdc.api.fe"
- name: "sdc-fe"
- port: 9443
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /config-input/
- - name: sdc-environments-output
- mountPath: /config-output/
- - name: volume-permissions
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "/onboard/cert"
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - "/var/lib/jetty/ready-probe.sh"
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: SDC_CLUSTER_NAME
- value: "SDC-CS-{{ .Values.global.env.name }}"
- - name: cassandra_ssl_enabled
- value: {{ .Values.config.cassandraSslEnabled | quote }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SDC_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
- - name: SDC_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- - name: SDC_CERT_DIR
- value: {{ .Values.cert.certDir }}
- volumeMounts:
- - name: sdc-environments-output
- mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logback
- mountPath: /tmp/logback.xml
- subPath: logback.xml
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "{{ .Values.cert.certDir }}"
- lifecycle:
- postStart:
- exec:
- command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logback
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- - name: sdc-environments-output
- emptyDir: { medium: "Memory" }
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-cert-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-cert
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-cassandra-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /home/sdc/chef-solo/environments/
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: SDC_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
- - name: SDC_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- - name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
- - name: CS_HOST_IP
- value: "{{ .Values.global.cassandra.serviceName }}"
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
-
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName | default "http" }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName | default "http" }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.7
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: "-Xmx1g -Xms1g"
- cassandraSslEnabled: "false"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 60
- timeoutSeconds: 15
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 60
- timeoutSeconds: 15
-
-service:
- type: ClusterIP
- name: sdc-onboarding-be
- portName: sdc-onboarding-be
- internalPort: 8445
- externalPort: 8445
- internalPort2: 8081
- externalPort2: 8081
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: /sdc/sdc-cs/CS
-
-##Certificate storage persistence
-##This is temporary solution for SDC-1980
-cert:
- certDir: /var/lib/jetty/cert
- persistence:
- enabled: true
- size: 10Mi
- accessMode: ReadWriteOnce
- volumeReclaimPolicy: Retain
- mountSubPath: /sdc/onbaording/cert
-
-securityContext:
- fsGroup: 35953
- runAsUser: 352070
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- {{- if .Values.initJob.enabled }}
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-workflow-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{ end }}
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ template "wfd-be.internalPort" . }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: CS_HOSTS
- value: "{{ .Values.global.cassandra.serviceName }}"
- - name: CS_PORT
- value: "{{ .Values.config.cassandraClientPort }}"
- - name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- - name: CS_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
- - name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- - name: CS_SSL_ENABLED
- value: "{{ .Values.config.cassandraSSLEnabled }}"
- - name: CS_TRUST_STORE_PATH
- value: "{{ .Values.config.cassandraTrustStorePath }}"
- - name: CS_TRUST_STORE_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
- - name: SDC_PROTOCOL
- value: "{{ .Values.config.sdcProtocol }}"
- - name: SDC_ENDPOINT
- value: "{{ .Values.config.sdcEndpoint }}"
- - name: SDC_USER
- value: "{{ .Values.config.sdcExternalUser }}"
- - name: SDC_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
- - name: SERVER_SSL_ENABLED
- value: "{{ .Values.config.serverSSLEnabled }}"
- - name: SERVER_SSL_KEYSTORE_TYPE
- value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_KEYSTORE_PATH
- value: "{{ .Values.config.serverSSLKeyStorePath }}"
- - name: SERVER_SSL_KEY_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- - name: SERVER_SSL_TRUSTSTORE_TYPE
- value: "{{ .Values.config.serverSSLTrustStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_PATH
- value: "{{ .Values.config.serverSSLTrustStorePath }}"
- - name: SERVER_SSL_TRUST_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- volumeMounts:
- - name: sdc-cert
- mountPath: /keystore
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /truststore
- subPath: org.onap.sdc.trust.jks
- volumes:
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ if .Values.initJob.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-workflow-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CS_HOST
- value: "{{ .Values.global.cassandra.serviceName }}"
- - name: CS_PORT
- value: "{{ .Values.config.cassandraClientPort }}"
- - name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- - name: CS_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
- - name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{ end }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ template "wfd-be.internalPort" . }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
- targetPort: {{ template "wfd-be.internalPort" . }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
-pullPolicy: Always
-
-initJob:
- enabled: true
-
-config:
- javaOptions: "-Xmx1536m -Xms1536m"
- cassandraAuthenticationEnabled: true
- cassandraClientPort: 9042
-
- sdcProtocol: HTTPS
- sdcEndpoint: sdc-be:8443
- sdcExternalUser: workflow
-
- serverSSLEnabled: true
-
- serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /home/sdc/etc/keystore
-
- serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /home/sdc/etc/truststore
-
- cassandraSSLEnabled: false
- cassandraTrustStorePath: /home/sdc/etc/truststore
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: NodePort
- portName: sdc-wfd-be
- internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
-
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdcwfdbe"
- name: "sdc-wfd-be"
- port: 8443
- config:
- ssl: "redirect"
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-wfd-be"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ template "wfd-fe.internalPort" . }}
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: JAVA_OPTIONS
- value: {{ .Values.config.javaOptions }}
- - name: BACKEND
- value: {{ .Values.config.backendServerURL }}
- - name: IS_HTTPS
- value: "{{ .Values.config.isHttpsEnabled}}"
- {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- - name: TRUSTSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- - name: KEYSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
- - name: TRUST_ALL
- value: "{{ .Values.config.isTrustAll}}"
- {{ end }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-sdc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-# Copyright © 2018 ZTE
-# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "wf-gui",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ template "wfd-fe.internalPort" . }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
- targetPort: {{ template "wfd-fe.internalPort" . }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-config:
- javaOptions: "-Xmx256m -Xms256m"
- backendServerURL: "https://sdc-wfd-be:8443"
- isHttpsEnabled: true
- # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
- isTrustAll: true
-# https relevant settings. Change in case you have other trust files then default ones.
-security:
- isDefaultStore: false
- truststoreFilename: "org.onap.sdc.trust.jks"
- keystoreFilename: "org.onap.sdc.p12"
- storePath: "etc"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: NodePort
- internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- portName: sdc-wfd-fe
- nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdcwfdfe"
- name: "sdc-wfd-fe"
- port: 8443
- annotations:
- ingress.kubernetes.io/secure-backends: "false"
- nginx.ingress.kubernetes.io/secure-backends: "false"
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
- nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - "sdc-onboarding-be"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ - name: {{ include "common.name" . }}-job-completion
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /sdc2/rest/healthCheck
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ exec:
+ command:
+ - "/var/lib/jetty/ready-probe.sh"
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: cassandra_ssl_enabled
+ value: {{ .Values.config.cassandraSslEnabled | quote }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logback
+ mountPath: /tmp/logback.xml
+ subPath: logback.xml
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ include "common.release" . }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-backend
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "common.name" . }}-job
+ helm.sh/chart: {{ include "common.chart" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - sdc-be
+ - "-t"
+ - "35"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.backendInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /home/onap/chef-solo/environments/
+ - name: sdc-logs
+ mountPath: /var/lib/jetty/logs
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ resources:
+ limits:
+ cpu: 800m
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ volumes:
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ include "common.release" . }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: sdc-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Never
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/sdc-backend-all-plugins:1.7.3
+backendInitImage: onap/sdc-backend-init:1.7.3
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#environment file
+env:
+ name: AUTO
+
+certInitializer:
+ nameOverride: sdc-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# SDC Config part
+#################################################################
+config:
+ javaOptions: "-Xmx1536m -Xms1536m"
+ cassandraSslEnabled: "false"
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 5
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ port: api
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+
+service:
+ type: NodePort
+ name: sdc-be
+ both_tls_and_plain: true
+ msb:
+ - port: 8443
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc
+ enable_ssl: true
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc-deprecated
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: '04'
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdc.api.be"
+ name: "sdc-be"
+ port: 8443
+ config:
+ ssl: "redirect"
+
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-cassandra
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - sdc-cs
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cassandraInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /home/sdc/chef-solo/environments/
+ - name: {{ include "common.fullname" . }}-chef-cache
+ mountPath: /home/sdc/chef-solo/cache
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: RELEASE
+ value: {{ .Values.config.release }}
+ - name: SDC_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ - name: SDC_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ resources:
+ limits:
+ cpu: 800m
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 300Mi
+ volumes:
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ include "common.release" . }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: {{ include "common.fullname" . }}-chef-cache
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Never
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/sdc-cassandra:1.7.3
+cassandraInitImage: onap/sdc-cassandra-init:1.7.3
+
+pullPolicy: Always
+
+config:
+ release: latest
+ maxHeapSize: "1536M"
+ heapNewSize: "512M"
+
+#environment file
+env:
+ name: AUTO
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: sdc-cs
+ portName: sdc-cs
+ externalPort: 9042
+ internalPort: 9042
+
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: /sdc/sdc-cs/CS
+
+ingress:
+ enabled: false
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+pluginsList:
+ - pluginId: WORKFLOW
+ pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}"
+ pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
+ pluginStateUrl: "workflowDesigner"
+ pluginDisplayOptions:
+ tab:
+ displayName: "WORKFLOW"
+ displayRoles: ["DESIGNER", "TESTER"]
+
+connectionTimeout: 1000
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-plugins-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-job-completion
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-sdc-be-config-backend
+ - "-t"
+ - "35"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort2 }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort2 }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ volumeMounts:
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-configs
+ mountPath: /var/lib/jetty/config/catalog-fe/plugins-configuration.yaml
+ subPath: plugins-configuration.yaml
+ - name: {{ include "common.fullname" . }}-logback
+ mountPath: /tmp/logback.xml
+ subPath: logback.xml
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-configs
+ configMap:
+ name : {{ include "common.fullname" . }}-plugins-configmap
+ defaultMode: 0777
+ - name: {{ include "common.fullname" . }}-logback
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ include "common.release" . }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "sdc-gui",
+ "version": "v1",
+ "url": "/sdc1",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0|1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{ if not .Values.security.disableHttp }}
+ # setting http port only if enabled
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{ end }}
+ {{ end }}
+
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- else -}}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/sdc-frontend:1.7.3
+
+pullPolicy: Always
+
+config:
+ javaOptions: "-Xmx256m -Xms256m"
+ plugins:
+ dcae_discovery_url: "https://sdc-dcae-fe:9444/dcaed/#/home"
+ dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home"
+ dcae_dt_discovery_url: "https://sdc-dcae-dt:9446/dcae/#/dcae/home"
+ dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home"
+ workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
+ workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
+
+#environment file
+env:
+ name: AUTO
+
+security:
+ disableHttp: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ timeoutSeconds: 15
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 60
+ timeoutSeconds: 15
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: sdc-fe
+ portName: sdc-fe
+ nodePort: "06"
+ internalPort: 8181
+ externalPort: 8181
+ nodePort2: "07"
+ internalPort2: 9443
+ externalPort2: 9443
+
+
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdc.api.fe"
+ name: "sdc-fe"
+ port: 9443
+ config:
+ ssl: "redirect"
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 40m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 80m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-job-completion
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- end }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "/onboard/cert"
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ exec:
+ command:
+ - "/var/lib/jetty/ready-probe.sh"
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end }}
+ readinessProbe:
+ exec:
+ command:
+ - "/var/lib/jetty/ready-probe.sh"
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: SDC_CLUSTER_NAME
+ value: "SDC-CS-{{ .Values.env.name }}"
+ - name: cassandra_ssl_enabled
+ value: {{ .Values.config.cassandraSslEnabled | quote }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: SDC_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ - name: SDC_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ - name: SDC_CERT_DIR
+ value: {{ .Values.cert.certDir }}
+ volumeMounts:
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-environments-output
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "{{ .Values.cert.certDir }}"
+ - name: {{ include "common.fullname" . }}-logback
+ mountPath: /tmp/logback.xml
+ subPath: logback.xml
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ include "common.release" . }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-cert-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-cert
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-cassandra-init
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-job-completion
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - "-t"
+ - "20"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /home/sdc/chef-solo/environments/
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: SDC_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ - name: SDC_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
+ - name: CS_HOST_IP
+ value: "{{ .Values.global.cassandra.serviceName }}"
+ resources:
+ limits:
+ cpu: 800m
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ volumes:
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ include "common.release" . }}-sdc-environments-configmap
+ defaultMode: 0755
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Never
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+
+ - port: {{ .Values.service.externalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName | default "http" }}2
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName | default "http" }}2
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ aafEnabled: true
+ persistence: {}
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-onboarding-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/sdc-onboard-backend:1.7.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+config:
+ javaOptions: "-Xmx1g -Xms1g"
+ cassandraSslEnabled: "false"
+
+#environment file
+env:
+ name: AUTO
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 60
+ timeoutSeconds: 15
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 60
+ timeoutSeconds: 15
+
+service:
+ type: ClusterIP
+ name: sdc-onboarding-be
+ portName: sdc-onboarding-be
+ internalPort: 8445
+ externalPort: 8445
+ internalPort2: 8081
+ externalPort2: 8081
+
+## Persist data to a persitent volume
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: /sdc/sdc-cs/CS
+
+##Certificate storage persistence
+##This is temporary solution for SDC-1980
+cert:
+ certDir: /var/lib/jetty/cert
+ persistence:
+ enabled: true
+ size: 10Mi
+ accessMode: ReadWriteOnce
+ volumeReclaimPolicy: Retain
+ mountSubPath: /sdc/onbaording/cert
+
+securityContext:
+ fsGroup: 35953
+ runAsUser: 352070
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 40m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 80m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if .Values.initJob.enabled }}
+ - name: {{ include "common.name" . }}-job-completion
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-workflow-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
+ export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+ export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
+ ports:
+ - containerPort: {{ template "wfd-be.internalPort" . }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ template "wfd-be.internalPort" . }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ template "wfd-be.internalPort" . }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: CS_HOSTS
+ value: "{{ .Values.global.cassandra.serviceName }}"
+ - name: CS_PORT
+ value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+ - name: CS_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ - name: CS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_SSL_ENABLED
+ value: "{{ .Values.config.cassandraSSLEnabled }}"
+ - name: CS_TRUST_STORE_PATH
+ value: "{{ .Values.config.cassandraTrustStorePath }}"
+ - name: CS_TRUST_STORE_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
+ - name: SDC_PROTOCOL
+ value: "{{ .Values.config.sdcProtocol }}"
+ - name: SDC_ENDPOINT
+ value: "{{ .Values.config.sdcEndpoint }}"
+ - name: SDC_USER
+ value: "{{ .Values.config.sdcExternalUser }}"
+ - name: SDC_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
+ - name: SERVER_SSL_ENABLED
+ value: "{{ .Values.config.serverSSLEnabled }}"
+ - name: SERVER_SSL_KEYSTORE_TYPE
+ value: "{{ .Values.config.serverSSLKeyStoreType }}"
+ - name: SERVER_SSL_TRUSTSTORE_TYPE
+ value: "{{ .Values.config.serverSSLTrustStoreType }}"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+# Modifications Copyright © 2018 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.initJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-workflow-init
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - "-t"
+ - "20"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CS_HOST
+ value: "{{ .Values.global.cassandra.serviceName }}"
+ - name: CS_PORT
+ value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+ - name: CS_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ - name: CS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ template "wfd-be.internalPort" . }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
+ targetPort: {{ template "wfd-be.internalPort" . }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
+pullPolicy: Always
+
+initJob:
+ enabled: true
+
+config:
+ javaOptions: "-Xmx1536m -Xms1536m"
+ cassandraAuthenticationEnabled: true
+ cassandraClientPort: 9042
+ sdcProtocol: HTTPS
+ sdcEndpoint: sdc-be:8443
+ sdcExternalUser: workflow
+ serverSSLEnabled: true
+ serverSSLKeyStoreType: jks
+ serverSSLTrustStoreType: jks
+ cassandraSSLEnabled: false
+ cassandraTrustStorePath: /home/sdc/etc/truststore
+
+# environment file
+env:
+ name: AUTO
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: sdc-wfd-be
+ internalPort: 8080
+ externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
+ nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdcwfdbe"
+ name: "sdc-wfd-be"
+ port: 8443
+ config:
+ ssl: "redirect"
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 40m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 80m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - "sdc-wfd-be"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-move-cert
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
+ export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
+ ports:
+ - containerPort: {{ template "wfd-fe.internalPort" . }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ template "wfd-fe.internalPort" . }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ template "wfd-fe.internalPort" . }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: BACKEND
+ value: {{ .Values.config.backendServerURL }}
+ - name: IS_HTTPS
+ value: "{{ .Values.config.isHttpsEnabled}}"
+ {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ - name: TRUST_ALL
+ value: "{{ .Values.config.isTrustAll}}"
+ {{ end }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ mountPath: /sdc-certs/mycreds.prop
+ subPath: mycreds.prop
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
+ subPath: {{ .Values.certInitializer.keystoreFile }}
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
+ subPath: {{ .Values.certInitializer.truststoreFile }}
+ {{ end }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2018 ZTE
+# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "wf-gui",
+ "version": "v1",
+ "url": "/",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort2 }}",
+ "visualRange":"0|1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ template "wfd-fe.internalPort" . }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
+ targetPort: {{ template "wfd-fe.internalPort" . }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/sdc-workflow-frontend:1.7.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+config:
+ javaOptions: "-Xmx256m -Xms256m"
+ backendServerURL: "https://sdc-wfd-be:8443"
+ isHttpsEnabled: true
+ # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
+ isTrustAll: true
+# https relevant settings. Change in case you have other trust files then default ones.
+
+#environment file
+env:
+ name: AUTO
+
+security:
+ isDefaultStore: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort: 8080
+ externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
+ portName: sdc-wfd-fe
+ nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdcwfdfe"
+ name: "sdc-wfd-fe"
+ port: 8443
+ annotations:
+ ingress.kubernetes.io/secure-backends: "false"
+ nginx.ingress.kubernetes.io/secure-backends: "false"
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 40m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 80m
+ memory: 2Gi
+ unlimited: {}
# limitations under the License.
dependencies:
- - name: common
+ - name: sdc-be
version: ~6.x-0
- repository: '@local'
-
- - name: cassandra
+ repository: 'file://components/sdc-be'
+ - name: sdc-cs
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- condition: global.cassandra.localCluster
-
+ repository: 'file://components/sdc-cs'
+ - name: sdc-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-fe'
+ - name: sdc-onboarding-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-onboarding-be'
+ - name: sdc-wfd-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-be'
+ condition: sdc-wfd.enabled
+ - name: sdc-wfd-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-fe'
+ condition: sdc-wfd.enabled
\ No newline at end of file
{
- "name": "{{ .Values.global.env.name }}",
- "description": "OpenSource-{{ .Values.global.env.name }}",
+ "name": "{{ .Values.env.name }}",
+ "description": "OpenSource-{{ .Values.env.name }}",
"cookbook_versions": {
"Deploy-SDandC": "= 1.0.0"
},
"CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
- "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}",
- "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
- "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
"FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
"interfaces": {
"application": "eth0",
},
"jetty": {
"keystore_pwd": "${KEYSTORE_PASS}",
- "truststore_pwd": "${TRUSTSTORE_PASS}"
+ "truststore_pwd": "${TRUSTSTORE_PASS}",
+ "keymanager_pwd": "${KEYMANAGER_PASS}"
}
}
}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
+{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Secret
keystore_password: "{{ .Values.global.secrets.keystore_password }}"
# workflow
wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: sdc-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
global:
persistence: {}
- env:
- name: AUTO
secrets:
sdc_user: YXNkY191c2Vy
sdc_password: QWExMjM0JV4h
truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
- ubuntuInitRepository: oomk8s
- ubuntuInitImage: ubuntu-init:1.0.0
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
+ aafEnabled: true
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
dataCenter: Pod
security:
disableHttp: true
- envsubstImage: dibi/envsubst
+
+# Environment file
+env:
+ name: AUTO
+
config:
logstashServiceName: log-ls
logstashPort: 5044
environment:
workflowUrl: 10.0.2.15
- vnfRepoPort: 8702
+ vnfRepoPort: 8703
#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
cassandra:
persistence:
mountSubPath: sdc/sdc-cs/CS
enabled: true
+
+# dependency / sub-chart configuration
+sdc-wfd:
+ enabled: true
.project
.idea/
*.tmproj
+components/
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: ODL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- - name: ODL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: properties
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- - --container-name
- - {{ .Values.config.sdncChartName }}
- - --container-name
- - {{ .Values.config.msgRouterContainerName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /opt/onap/sdnc/dmaap-listener/bin/start-dmaap-listener.sh
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: PROPERTY_DIR
- value: "{{ .Values.config.configDir }}"
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/dblib.properties
- name: properties
- subPath: dblib.properties
- - mountPath: {{ .Values.config.configDir }}/dhcpalert.properties
- name: properties
- subPath: dhcpalert.properties
- - mountPath: {{ .Values.config.configDir }}/lcm.properties
- name: properties
- subPath: lcm.properties
- - mountPath: {{ .Values.config.configDir }}/aai.properties
- name: properties
- subPath: aai.properties
- - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties
- name: properties
- subPath: dmaap-consumer-CMNotify.properties
- - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties
- name: properties
- subPath: dmaap-consumer-a1Adapter-policy.properties
- - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
- name: properties
- subPath: dmaap-consumer-oofpcipoc.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: properties
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: odl-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.odlUser }}'
- password: '{{ .Values.config.odlPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- dmaapPort: 3904
- sdncChartName: sdnc
- sdncPort: 8282
- msgRouterContainerName: message-router
- configDir: /opt/onap/sdnc/data/properties
- odlUser: admin
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # odlCredsExternalSecret: some secret
-
-mariadb-galera:
- config:
- userCredentialsExternalSecret: *dbSecretName
- userName: sdnctl
- userPassword: gamma
- mysqlDatabase: sdnctl
- nameOverride: dmaap-listener-galera
- service:
- name: dmaap-listener-galera
- portName: dmaap-listener-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: dmaap-listener/maria/data
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-ingress:
- enabled: false
-
-service:
- name: sdnc-dmaap-listener
-
-#Resource limit flavor -By default using small
-flavor: small
-#Segregation for different environment (small and large)
-
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
-
-# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
-
-# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
-
-# RestServer authentication
-id: ${REST_USER}
-psswd: ${REST_PASSWORD}
-
-# Mysql
-host: {{ include "common.mariadbService" $ }}
-user: ${DB_USER}
-passwd: ${DB_PASSWORD}
-db: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
-
-# Playbooks
-from_files: yes
-ansible_path: /opt/onap/sdnc/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
-
-# Blocking on GetResults
-getresults_block: yes
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: REST_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
- - name: REST_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: config
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.sdncChartName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
-
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/RestServer_config
- name: config
- subPath: RestServer_config
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: config
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: rest-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.restCredsExternalSecret) . }}'
- login: '{{ .Values.config.restUser }}'
- password: '{{ .Values.config.restPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc
- restUser: sdnc
- restPassword: sdnc
- # restCredsExternalSecret: some secret
-
-mariadb-galera:
- config:
- userCredentialsExternalSecret: *dbSecretName
- userName: sdnc
- userPassword: sdnc
- mysqlDatabase: ansible
- nameOverride: ansible-server-galera
- service:
- name: ansible-server-galera
- portName: ansible-server-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: ansible-server/maria/data
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdnc-ansible-server
- portName: sdnc-ansible-server
- internalPort: 8000
- externalPort: 8000
-
-ingress:
- enabled: false
-
-#Resource Limit flavor -By default using small
-flavor: small
-
-#Segregation for Different environment (Small and Large)
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: SDN-C Admin Portal
-name: sdnc-portal
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-{
- "MainMenu": "gamma",
- "dbConnLimit": "100",
- "home": "/opt/admportal",
- "sslEnabled": "true",
- "nonSslPort": "8543",
- "ConexusNetworkPort": "{{.Values.service.internalPort}}",
- "AppNetworkPort": "8543",
- "clusterPort": "8443",
- "serviceHomingServiceType": "SDN-ETHERNET-INTERNET",
- "passwordKey": "QtfJMKggVk",
- "preloadImportDirectory": "C:/data/csv",
- "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-",
- "clusterMidURL": "-shard-",
- "clusterSuffixURL": "-config,type=DistributedConfigDatastore",
- "shards": [
- "default",
- "inventory",
- "topology"
- ],
- "dbFabric": "false",
- "ip-addresses": {
- "lo": "127.0.0.1",
- "eth0": "127.0.0.1",
- "docker0": "172.17.0.1",
- "virbr0": "192.168.122.1"
- },
- "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
- "databases": [
- "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
- ],
- "dbFabricServer": "localhost",
- "dbFabricPort": "32275",
- "dbFabricGroupId": "hagroup1",
- "dbFabricUser": "${DB_FABRIC_USER}",
- "dbFabricPassword": "${DB_FABRIC_PASSWORD",
- "dbFabricDB": "{{.Values.config.dbFabricDB}}",
- "dbUser": "${SDNC_DB_USER}",
- "dbPassword": "${SDNC_DB_PASSWORD}",
- "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
- "odlProtocol": "http",
- "odlHost": "sdnc.{{.Release.Namespace}}",
- "odlConexusHost": "sdnc.{{.Release.Namespace}}",
- "odlPort": "8181",
- "odlConexusPort": "8181",
- "odlUser": "${ODL_USER}",
- "odlPasswd": "${ODL_PASSWORD}",
- "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
- "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
- "AppNetwork_sslCert": "",
- "AppNetwork_sslKey": "",
- "hostnameList": [
- {
- "hname": "localhost"
- }
- ],
- "shard_list": [
- {
- "shard_name": "default"
- },
- {
- "shard_name": "inventory"
- },
- {
- "shard_name": "topology"
- }
- ]
-}
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
-org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: DB_FABRIC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
- - name: DB_FABRIC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
- - name: ODL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- - name: ODL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: properties
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- - --container-name
- - {{ .Values.config.sdncChartName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/admportal.json
- name: properties
- subPath: admportal.json
- - mountPath: {{ .Values.config.configDir }}/dblib.properties
- name: properties
- subPath: dblib.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01
- name: properties
- subPath: svclogic.properties
- - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02
- name: properties
- subPath: svclogic.properties.sdnctldb02
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: properties
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdnc-portal",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
-
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-password
- type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
- password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
- passwordPolicy: required
- - uid: db-secret
- name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: odl-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.odlUser }}'
- password: '{{ .Values.config.odlPassword }}'
- passwordPolicy: required
- - uid: fabric-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.dbFabricUser }}'
- password: '{{ .Values.config.dbFabricPassword }}'
- passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
- password: '{{ .Values.config.keystorePwd }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.4
-config:
- dbFabricDB: mysql
- dbFabricUser: admin
- dbFabricPassword: admin
- # dbFabricDBCredsExternalSecret: some secret
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- storesDir: /opt/onap/sdnc/data/stores
- odlUser: admin
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # odlCredsExternalSecret: some secret
- keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
- # keystorePwdExternalSecret: some secret
-
-mariadb-galera:
- config:
- userCredentialsExternalSecret: *dbSecretName
- userName: sdnctl
- userPassword: gamma
- mysqlDatabase: sdnctl
- nameOverride: sdnc-portal-galera
- service:
- name: sdnc-portal-galera
- portName: sdnc-portal-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: sdnc-portal/maria/data
-
-# default number of instances
-replicaCount: 0
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sdnc-portal
- portName: sdnc-portal
- internalPort: 8443
- externalPort: 8443
- nodePort: "01"
-
-ingress:
- enabled: false
- service:
- - baseaddr: "sdnc-portal.api"
- name: "sdnc-portal"
- port: 8443
- config:
- ssl: "redirect"
-
-#Resource limit flavor -By default using small
-flavor: small
-#segregation for different environment (small and large)
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~6.x-0
- repository: '@local'
+++ /dev/null
-###
-# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Copyright (C) 2020 Samsung Electrinics
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-# dblib.properties
-org.onap.ccsdk.sli.dbtype=jdbc
-
-org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: UEB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
- - name: UEB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
- - name: ODL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- - name: ODL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: properties
- image: "{{ .Values.global.envsubstImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- - --container-name
- - {{ .Values.config.sdncChartName }}
- - --container-name
- - {{ .Values.config.sdcbeChartName }}
- - --container-name
- - {{ .Values.config.msgRouterContainerName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - command:
- - /opt/onap/sdnc/ueb-listener/bin/start-ueb-listener.sh
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: PROPERTY_DIR
- value: "{{ .Values.config.configDir }}"
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/dblib.properties
- name: properties
- subPath: dblib.properties
- - mountPath: {{ .Values.config.configDir }}/ueb-listener.properties
- name: properties
- subPath: ueb-listener.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
- - name: properties
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- # envsusbt
- envsubstImage: dibi/envsubst
- mariadbGalera:
- #This flag allows SO to instantiate its own mariadb-galera cluster
- #If shared instance is used, this chart assumes that DB already exists
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-secret
- name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
- type: basicAuth
- # This is a nasty trick that allows you override this secret using external one
- # with the same field that is used to pass this to subchart
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
- login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
- password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
- passwordPolicy: required
- - uid: odl-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.odlUser }}'
- password: '{{ .Values.config.odlPassword }}'
- passwordPolicy: required
- - uid: ueb-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'
- login: '{{ .Values.config.uebUser }}'
- password: '{{ .Values.config.uebPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- sdncPort: 8282
- sdncChartName: sdnc
- sdcbeChartName: sdc-be
- msgRouterContainerName: message-router
- configDir: /opt/onap/sdnc/data/properties
- uebUser: sdnc
- uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # uebCredsExternalSecret: some secret
- odlUser: admin
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- # odlCredsExternalSecret: some secret
-
-mariadb-galera:
- # '&mariadbConfig' means we "store" the values for later use in the file
- # with '*mariadbConfig' pointer.
- config:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
- userName: sdnctl
- userPassword: gamma
- mysqlDatabase: sdnctl
- nameOverride: ueb-listener-galera
- service:
- name: ueb-listener-galera
- portName: ueb-listener-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: ueb-listener/maria/data
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- name: sdnc-ueb-listener
-
-ingress:
- enabled: false
-
-#Resource limit flavor -By default using small
-flavor: small
-#Segregation for different environment (small and large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 0.5
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 1
- memory: 2Gi
- unlimited: {}
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
+else
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+endif
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
--- /dev/null
+{{/*
+###
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+*/}}
+org.onap.ccsdk.sli.dbtype=jdbc
+org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
+org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
+org.onap.ccsdk.sli.jdbc.connection.timeout=50
+org.onap.ccsdk.sli.jdbc.request.timeout=100
+org.onap.ccsdk.sli.jdbc.limit.init=10
+org.onap.ccsdk.sli.jdbc.limit.min=10
+org.onap.ccsdk.sli.jdbc.limit.max=20
+org.onap.dblib.connection.recovery=false
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ include "common.mariadbService" . }}
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ - --container-name
+ - {{ .Values.config.msgRouterContainerName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - command:
+ - /opt/onap/sdnc/dmaap-listener/bin/start-dmaap-listener.sh
+ name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: PROPERTY_DIR
+ value: "{{ .Values.config.configDir }}"
+ - name: SDNC_CONFIG_DIR
+ value: "{{ .Values.config.configDir }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.config.configDir }}/dblib.properties
+ name: properties
+ subPath: dblib.properties
+ - mountPath: {{ .Values.config.configDir }}/dhcpalert.properties
+ name: properties
+ subPath: dhcpalert.properties
+ - mountPath: {{ .Values.config.configDir }}/lcm.properties
+ name: properties
+ subPath: lcm.properties
+ - mountPath: {{ .Values.config.configDir }}/aai.properties
+ name: properties
+ subPath: aai.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties
+ name: properties
+ subPath: dmaap-consumer-CMNotify.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties
+ name: properties
+ subPath: dmaap-consumer-a1Adapter-policy.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
+ name: properties
+ subPath: dmaap-consumer-oofpcipoc.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+ name: properties
+ subPath: dmaap-consumer-RANSlice.properties
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: config-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/sdnc-dmaap-listener-image:2.0.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ dmaapPort: 3904
+ sdncChartName: sdnc
+ sdncPort: 8282
+ msgRouterContainerName: message-router
+ configDir: /opt/onap/sdnc/data/properties
+ odlUser: admin
+ odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: dmaap-listener-galera
+ service:
+ name: dmaap-listener-galera
+ portName: dmaap-listener-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: dmaap-listener/maria/data
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+ingress:
+ enabled: false
+
+service:
+ name: sdnc-dmaap-listener
+
+#Resource limit flavor -By default using small
+flavor: small
+#Segregation for different environment (small and large)
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+{{/*
+# Copyright © 2017 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+# Host definition
+ip: 0.0.0.0
+port: {{.Values.service.internalPort}}
+
+# Security (controls use of TLS encrypton and RestServer authentication)
+tls: no
+auth: no
+
+# TLS certificates (must be built on application host)
+priv: provide_privated_key.pem
+pub: provide_public_key.pem
+
+# RestServer authentication
+id: ${REST_USER}
+psswd: ${REST_PASSWORD}
+
+# Mysql
+host: {{ include "common.mariadbService" $ }}
+user: ${DB_USER}
+passwd: ${DB_PASSWORD}
+db: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
+
+# Playbooks
+from_files: yes
+ansible_path: /opt/onap/sdnc/Playbooks
+ansible_inv: Ansible_inventory
+ansible_temp: PlaybooksTemp
+timeout_seconds: 60
+
+# Blocking on GetResults
+getresults_block: yes
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: REST_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
+ - name: REST_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ command: ["/bin/bash"]
+ args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
+
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.config.configDir }}/RestServer_config
+ name: config
+ subPath: RestServer_config
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: config-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0644
+ - name: config
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.name }}
+ selector:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: rest-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restUser }}'
+ password: '{{ .Values.config.restPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/sdnc-ansible-server-image:2.0.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ sdncChartName: sdnc
+ configDir: /opt/onap/sdnc
+ restUser: sdnc
+ restPassword: sdnc
+ # restCredsExternalSecret: some secret
+
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnc
+ userPassword: sdnc
+ mysqlDatabase: ansible
+ nameOverride: ansible-server-galera
+ service:
+ name: ansible-server-galera
+ portName: ansible-server-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ansible-server/maria/data
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: sdnc-ansible-server
+ portName: sdnc-ansible-server
+ internalPort: 8000
+ externalPort: 8000
+
+ingress:
+ enabled: false
+
+#Resource Limit flavor -By default using small
+flavor: small
+
+#Segregation for Different environment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
debugLog(){
if [ "$enableDebugLogging" == true ]; then
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
debugLog(){
if [ "$enableDebugLogging" == true ]; then
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if [ "${SDNC_IS_PRIMARY_CLUSTER:-true}" = "true" ];then
id=sdnc01
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# query ODL cluster state
USERNAME="{{.Values.odl.jolokia.username}}"
#! /bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
####################################################################################################
# sdncDnsSwitchWrapper.bash: Wrapper script to invoke SDNC DNS Switch for domain: sdnc.example.com #
####################################################################################################
+*/}}
ssh -i {{.Values.coreDNS.sshKeyFile}} -o StrictHostKeyChecking=no {{.Values.coreDNS.sshUser}}@{{.Values.coreDNS.host}} "{{.Values.coreDNS.switchScript}} $SDNC_LOCAL_K8S_CLUSTER_MASTER {{.Values.config.deployment}}"
exit $?
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
LOGFILE="/app/geo.log"
enableDebugLogging=true
#!/usr/bin/env python2
+{{/*
# encoding: utf-8
# Copyright © 2018 Amdocs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
import sys
import os
+{{/*
#/bin/sh
# Copyright © 2018 Amdocs
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
set -e
primary=${SDNC_IS_PRIMARY_CLUSTER:-true}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- sdnc
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: SDN-C Web Server
+name: sdnc-web
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | indent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: WEBPROTOCOL
+ value: {{ .Values.config.webProtocol }}
+ - name: WEBPORT
+ value: {{ .Values.config.webPort | quote }}
+ - name: SDNRPROTOCOL
+ value: {{ .Values.config.sdnrProtocol }}
+ - name: SDNRHOST
+ value: {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
+ - name: SDNRPORT
+ value: {{ .Values.config.sdnrPort | quote }}
+ - name: SSL_CERT_DIR
+ value: {{ .Values.config.sslCertDir }}
+ - name: SSL_CERTIFICATE
+ value: {{ .Values.config.sslCertiticate }}
+ - name: SSL_CERTIFICATE_KEY
+ value: {{ .Values.config.sslCertKey }}
+ {{ if .Values.config.transportpce.enabled }}
+ - name: TRPCEURL
+ value: {{ .Values.config.transportpce.transportpceUrl }}
+ {{ end }}
+ {{ if .Values.config.topologyserver.enabled }}
+ - name: TOPOURL
+ value: {{ .Values.config.topologyserver.topologyserverUrl }}
+ - name: TILEURL
+ value: {{ .Values.config.topologyserver.tileserverUrl }}
+ {{ end }}
+
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/* # Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- include "common.service" . -}}
+
--- /dev/null
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ nodePortPrefix: 322
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ k8scluster: svc.cluster.local
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: "onap/sdnc-web-image:2.0.4"
+pullPolicy: Always
+
+config:
+ sdncChartName: sdnc
+ webProtocol: HTTPS
+ webPort: 8443
+ sdnrProtocol: https
+ sdnrHost: "sdnc"
+ sdnrPort: "8443"
+ sslCertDir: "/opt/app/osaaf/local/certs"
+ sslCertiticate: "cert.pem"
+ sslCertKey: "key.pem"
+ transportpce:
+ enabled: false
+ transportpceUrl: http://transportpce.transportpce:8181
+ topologyserver:
+ enabled: false
+ topologyserverUrl: http://toplogy-api-service.topology:3001
+ tileserverUrl: https://tile.openstreetmap.org
+
+
+#################################################################
+# aaf configuration defaults.
+#################################################################
+certInitializer:
+ nameOverride: sdnc-web-cert-initializer
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: "org.onap.sdnc"
+ public_fqdn: "sdnc.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ name: sdnc-web
+ suffix: service
+ type: NodePort
+ sessionAffinity: ClientIP
+ # for liveness and readiness probe only
+ # internalPort:
+ internalPort: 8443
+ ports:
+ - name: "sdnc-web"
+ port: "8443"
+ nodePort: "05"
+
+#ingress:
+# enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#segregation for different environment (small and large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
--- /dev/null
+{{/*
+###
+# ============LICENSE_START=======================================================
+# openECOMP : SDN-C
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Samsung Electrinics
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+*/}}
+
+# dblib.properties
+org.onap.ccsdk.sli.dbtype=jdbc
+
+org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
+org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
+org.onap.ccsdk.sli.jdbc.connection.timeout=50
+org.onap.ccsdk.sli.jdbc.request.timeout=100
+org.onap.ccsdk.sli.jdbc.limit.init=10
+org.onap.ccsdk.sli.jdbc.limit.min=10
+org.onap.ccsdk.sli.jdbc.limit.max=20
+org.onap.dblib.connection.recovery=false
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: UEB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
+ - name: UEB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ include "common.mariadbService" . }}
+ - --container-name
+ - {{ .Values.config.sdncChartName }}
+ - --container-name
+ - {{ .Values.config.sdcbeChartName }}
+ - --container-name
+ - {{ .Values.config.msgRouterContainerName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - command:
+ - /opt/onap/sdnc/ueb-listener/bin/start-ueb-listener.sh
+ name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: PROPERTY_DIR
+ value: "{{ .Values.config.configDir }}"
+ - name: SDNC_CONFIG_DIR
+ value: "{{ .Values.config.configDir }}"
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.config.configDir }}/dblib.properties
+ name: properties
+ subPath: dblib.properties
+ - mountPath: {{ .Values.config.configDir }}/ueb-listener.properties
+ name: properties
+ subPath: ueb-listener.properties
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: config-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+ - uid: ueb-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'
+ login: '{{ .Values.config.uebUser }}'
+ password: '{{ .Values.config.uebPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/sdnc-ueb-listener-image:2.0.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ sdncPort: 8282
+ sdncChartName: sdnc
+ sdcbeChartName: sdc-be
+ msgRouterContainerName: message-router
+ configDir: /opt/onap/sdnc/data/properties
+ uebUser: sdnc
+ uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # uebCredsExternalSecret: some secret
+ odlUser: admin
+ odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: ueb-listener-galera
+ service:
+ name: ueb-listener-galera
+ portName: ueb-listener-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ueb-listener/maria/data
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ name: sdnc-ueb-listener
+
+ingress:
+ enabled: false
+
+#Resource limit flavor -By default using small
+flavor: small
+#Segregation for different environment (small and large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs, Bell Canada,
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: logConfiguration
+ version: ~6.x-0
+ repository: '@local'
- name: network-name-gen
version: ~6.x-0
repository: '@local'
+ condition: network-name-gen.enabled
- name: dgbuilder
version: ~6.x-0
repository: '@local'
+ condition: dgbuilder.enabled
- name: sdnc-prom
version: ~6.x-0
repository: '@local'
- name: elasticsearch
version: ~6.x-0
repository: '@local'
+ condition: config.sdnr.enabled
+ # conditions for sdnc-subcharts
+ - name: dmaap-listener
+ version: ~6.x-0
+ repository: 'file://components/dmaap-listener/'
+ condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
+ - name: ueb-listener
+ version: ~6.x-0
+ repository: 'file://components/ueb-listener/'
+ condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
+ - name: sdnc-ansible-server
+ version: ~6.x-0
+ repository: 'file://components/sdnc-ansible-server/'
+ condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
+ - name: sdnc-web
+ version: ~6.x-0
+ repository: 'file://components/sdnc-web/'
+ condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
+
+
+
#!/bin/bash
+{{/*
###
# ============LICENSE_START=======================================================
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
+++ /dev/null
-#!/bin/bash
-
-###
-# ============LICENSE_START=======================================================
-# SDNC
-# ================================================================================
-# Copyright © 2020 Samsung Electronics
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-# Append features to karaf boot feature configuration
-# $1 additional feature to be added
-# $2 repositories to be added (optional)
-function addToFeatureBoot() {
- CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
- ORIG=$CFG.orig
- if [ -n "$2" ] ; then
- echo "Add repository: $2"
- mv $CFG $ORIG
- cat $ORIG | sed -e "\|featuresRepositories|s|$|,$2|" > $CFG
- fi
- echo "Add boot feature: $1"
- mv $CFG $ORIG
- cat $ORIG | sed -e "\|featuresBoot *=|s|$|,$1|" > $CFG
-}
-
-# Append features to karaf boot feature configuration
-# $1 search pattern
-# $2 replacement
-function replaceFeatureBoot() {
- CFG=$ODL_HOME/etc/org.apache.karaf.features.cfg
- ORIG=$CFG.orig
- echo "Replace boot feature $1 with: $2"
- sed -i "/featuresBoot/ s/$1/$2/g" $CFG
-}
-
-function install_sdnrwt_features() {
- addToFeatureBoot "$SDNRWT_BOOTFEATURES" $SDNRWT_REPOSITORY
-}
-
-function enable_odl_cluster(){
- if [ -z $SDNC_REPLICAS ]; then
- echo "SDNC_REPLICAS is not configured in Env field"
- exit
- fi
-
- #Be sure to remove feature odl-netconf-connector-all from list
- replaceFeatureBoot "odl-netconf-connector-all,"
-
- echo "Installing Opendaylight cluster features"
- replaceFeatureBoot odl-netconf-topology odl-netconf-clustered-topology
- replaceFeatureBoot odl-mdsal-all odl-mdsal-all,odl-mdsal-clustering
- addToFeatureBoot odl-jolokia
- #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
- #${ODL_HOME}/bin/client feature:install odl-jolokia
-
-
- echo "Update cluster information statically"
- hm=$(hostname)
- echo "Get current Hostname ${hm}"
-
- node=($(echo ${hm} | sed 's/-[0-9]*$//g'))
- node_index=($(echo ${hm} | awk -F"-" '{print $NF}'))
- member_offset=1
-
- if $GEO_ENABLED; then
- echo "This is a Geo cluster"
-
- if [ -z $IS_PRIMARY_CLUSTER ] || [ -z $MY_ODL_CLUSTER ] || [ -z $PEER_ODL_CLUSTER ]; then
- echo "IS_PRIMARY_CLUSTER, MY_ODL_CLUSTER and PEER_ODL_CLUSTER must all be configured in Env field"
- return
- fi
-
- if $IS_PRIMARY_CLUSTER; then
- PRIMARY_NODE=${MY_ODL_CLUSTER}
- SECONDARY_NODE=${PEER_ODL_CLUSTER}
- else
- PRIMARY_NODE=${PEER_ODL_CLUSTER}
- SECONDARY_NODE=${MY_ODL_CLUSTER}
- member_offset=4
- fi
-
- node_list="${PRIMARY_NODE} ${SECONDARY_NODE}"
-
- /opt/onap/sdnc/bin/configure_geo_cluster.sh $((node_index+member_offset)) ${node_list}
- else
- echo "This is a local cluster"
-
- node_list="${node}-0.{{.Values.service.name}}-cluster.{{.Release.Namespace}}";
-
- for ((i=1;i<${SDNC_REPLICAS};i++));
- do
- node_list="${node_list} ${node}-$i.{{.Values.service.name}}-cluster.{{.Release.Namespace}}"
- done
-
- /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list}
- fi
-}
-
-
-# Install SDN-C platform components if not already installed and start container
-
-ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
-CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
-ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-GEO_ENABLED=${GEO_ENABLED:-false}
-SDNC_AAF_ENABLED=${SDNC_AAF_ENABLED:-false}
-SDNRWT=${SDNRWT:-false}
-SDNRWT_BOOTFEATURES=${SDNRWT_BOOTFEATURES:-sdnr-wt-feature-aggregator}
-export ODL_ADMIN_PASSWORD ODL_ADMIN_USERNAME
-
-echo "Settings:"
-echo " ENABLE_ODL_CLUSTER=$ENABLE_ODL_CLUSTER"
-echo " SDNC_REPLICAS=$SDNC_REPLICAS"
-echo " SDNRWT=$SDNRWT"
-echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
-
-
-if $SDNC_AAF_ENABLED; then
- export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
- export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
- export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
- export SDNC_KEYSTORE=org.onap.sdnc.p12
- sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
-
- sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
- sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-fi
-
-if [ ! -f ${SDNC_HOME}/.installed ]
-then
- echo "Installing SDN-C keyStore"
- ${SDNC_HOME}/bin/addSdncKeyStore.sh
-
- if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
-
- if $SDNRWT ; then install_sdnrwt_features ; fi
-
- echo "Installed at `date`" > ${SDNC_HOME}/.installed
-fi
-
-cp /opt/opendaylight/current/certs/* /tmp
-
-nohup python ${SDNC_BIN}/installCerts.py &
-
-
-exec ${ODL_HOME}/bin/karaf server
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
#
# Configuration file for A&AI Client
org.onap.ccsdk.sli.adaptors.aai.param.format=filter=%s:%s
org.onap.ccsdk.sli.adaptors.aai.param.vnf_type=vnf-type
org.onap.ccsdk.sli.adaptors.aai.param.physical.location.id=physical-location-id
-org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
+{{/*
###
# Copyright � 2017-2018 AT&T Intellectual Property.
# Modifications Copyright � 2018 IBM.
#
# Configuration file for SDNC Controller Module
#
+*/}}
org.onap.ccsdk.features.blueprints.adaptors.envtype=solo
+{{/*
###
# ============LICENSE_START=======================================================
# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
+{{ if .Values.global.aafEnabled }}
+baseUrl=https://localhost:{{.Values.service.internalPort4}}
+{{- else }}
+baseUrl=http://localhost:{{.Values.service.internalPort}}
+{{- end }}
+sdnrUser=${ODL_ADMIN_USERNAME}
+sdnrPasswd=${ODL_ADMIN_PASSWORD}
+
+[fault]
+faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SEC_FAULT_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
+
+[pnfRegistration]
+pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.VES_PNFREG_OUTPUT
+contenttype=application/json
+group=myG
+id=C1
+timeout=50000
+limit=10000
--- /dev/null
+[general]
+dmaapEnabled={{.Values.config.sdnr.mountpointStateProviderEnabled | default "false"}}
+TransportType=HTTPNOAUTH
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+topic=unauthenticated.SDNR_MOUNTPOINT_STATE_INFO
+contenttype=application/json
+timeout=20000
+limit=10000
+maxBatchSize=100
+maxAgeMs=250
+MessageSentThreadOccurance=50
+{{/*
#
# Copyright (C) 2018 AT&T, Bell Canada.
#
# See the License for the specific language governing permissions and
# limitations under the License.
#
+*/}}
# Configuration file for Netbox client
org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
#!/bin/sh
+{{/*
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# export KARAF_DEBUG # Enable debug mode
# export KARAF_REDIRECT # Enable/set the std/err redirection when using bin/start
# export KARAF_NOROOT # Prevent execution as root if set to true
+*/}}
if [ "x$JAVA_MAX_MEM" = "x" ]; then
export JAVA_MAX_MEM="2048m"
fi
-EXTRA_JAVA_OPTS: "-XX:+UseG1GC -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
- -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} -XX:+ParallelRefProcEnabled \
- -XX:+UseStringDeduplication -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails \
- -XX:+PrintGCTimeStamps -XX:+UseGCLogFileRotation \
- -XX:NumberOfGCLogFiles={{.Values.config.odl.javaOptions.numberGGLogFiles}} -Xloggc:/var/log/onap/sdnc/gc-%t.log"
+EXTRA_JAVA_OPTS=${EXTRA_JAVA_OPTS:-"-XX:+UseG1GC \
+ -XX:MaxGCPauseMillis={{.Values.config.odl.javaOptions.maxGCPauseMillis}} \
+ -XX:ParallelGCThreads={{.Values.config.odl.javaOptions.parallelGCThreads}} \
+ -XX:+ParallelRefProcEnabled \
+ -XX:+UseStringDeduplication {{.Values.config.odl.javaOptions.gcLogOptions}}"}
+{{/*
###
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# limitations under the License.
# ============LICENSE_END=========================================================
###
+*/}}
org.onap.ccsdk.sli.dbtype = jdbc
org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+{{/*
################################################################################
#
# Licensed to the Apache Software Foundation (ASF) under one or more
#
################################################################################
# Properties used as default values in MDC
+*/}}
log4j2.property.ServiceName = INTERNAL
log4j2.property.ErrorCode = 900
log4j2.property.ErrorDesc = UnknownError
log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile
log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile
log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
-log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
+log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF}
log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version}
# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw
log4j2.appender.error.strategy.fileIndex = min
log4j2.appender.error.filter.threshold.type = ThresholdFilter
log4j2.appender.error.filter.threshold.level = WARN
-log4j2.appender.error.filter.threshold.match = ACCEPT
log4j2.appender.metric.type = RollingRandomAccessFile
log4j2.appender.metric.name = MetricFile
log4j2.appender.rr.strategy.fileIndex = min
log4j2.appender.security.type = RollingRandomAccessFile
-log4j2.appender.security.name = securityRollingFile
+log4j2.appender.security.name = SecurityFile
log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log
log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i
log4j2.appender.security.append = true
log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit
log4j2.logger.security.level = INFO
log4j2.logger.security.additivity = false
-log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile
+log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile
log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
log4j2.logger.audit.level = INFO
image: onap/sdnc-ansible-server-image:1.7.0
dmaap-listener:
image: onap/sdnc-dmaap-listener-image:1.7.0
- sdnc-portal:
- image: onap/admportal-sdnc-image:1.7.0
ueb-listener:
image: onap/sdnc-ueb-listener-image:1.7.0
cds:
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}"
SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}"
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if ! [ "$(command -v jq)" ]; then
echo "Error: jq is not installed."
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
dir=$( dirname $0 )
#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if [ $# -lt 1 ];then
echo "Usage: makeactive <release> [namespace]"
#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
if [ $# -lt 1 ];then
echo "Usage: $(basename $0) [--debug] <release> [namespace]"
#!/bin/bash
+{{/*
# Copyright © 2018 Amdocs
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
function usage()
{
+{{- if .Values.dgbuilder.enabled -}}
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
#
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- {{ include "common.mariadbService" . }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2020 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.config.sdnr.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "sdnrdb-init-job" "dot" . ) | nindent 2 }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata: {{ include "common.templateMetadata" . | indent 6}}
+ spec:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-chown
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ {{ end }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-elasticsearch
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-nginx
+ - --container-name
+ - {{.Values.elasticsearch.nameOverride}}-master
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-sdnrdb-init-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "{{ .Values.config.binDir }}/startODL.sh"]
+ env:
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_HOME
+ value: "{{.Values.config.sdncHome}}"
+ - name: ETC_DIR
+ value: "{{.Values.config.etcDir}}"
+ - name: BIN_DIR
+ value: "{{.Values.config.binDir}}"
+ ## start sdnrdb parameter
+ - name: SDNRINIT
+ value: "true"
+ - name: SDNRDBURL
+ {{ if .Values.global.aafEnabled -}}
+ value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- else -}}
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- end }}
+ - name: SDNRDBPARAMETER
+ value: "-k"
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: docker-entrypoint-initdb-d
+ emptyDir: {}
+ - name: bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0755
+ - name: properties
+ configMap:
+ name: {{ include "common.fullname" . }}-properties
+ defaultMode: 0644
+{{ include "common.certInitializer.volumes" . | nindent 6 }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{ end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{ include "common.secretFast" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 highstreet technologies GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
targetPort: {{ .Values.service.internalPort4 }}
{{ end }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ if .Values.config.sdnr.enabled }}
+ sessionAffinity: ClientIP
+ {{ end }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
---
apiVersion: v1
kind: Service
port: {{ .Values.service.clusterPort }}
clusterIP: None
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
sessionAffinity: None
type: ClusterIP
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
app: {{ include "common.name" . }}
serviceName: {{ include "common.servicename" . }}-cluster
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
podManagementPolicy: Parallel
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: config-input
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{ if .Values.dgbuilder.enabled -}}
- command:
- - /root/ready.py
+ - /app/ready.py
args:
+ {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
- --container-name
- {{ include "common.mariadbService" . }}
+ {{ end -}}
+ {{ if .Values.config.sdnr.enabled -}}
+ - --container-name
+ - {{ include "common.name" . }}-sdnrdb-init-job
+ {{ end -}}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-
+ {{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ if .Values.global.cmpv2Enabled }}
+ - name: certs-init
+ image: "{{ .Values.global.repository }}/{{ .Values.global.platform.certServiceClient.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: REQUEST_URL
+ value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
+ - name: REQUEST_TIMEOUT
+ value: "30000"
+ - name: OUTPUT_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ - name: CA_NAME
+ value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
+ - name: COMMON_NAME
+ value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
+ - name: ORGANIZATION
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
+ - name: ORGANIZATION_UNIT
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
+ - name: LOCATION
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
+ - name: STATE
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
+ - name: COUNTRY
+ value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
+ - name: KEYSTORE_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
+ - name: KEYSTORE_PASSWORD
+ value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
+ - name: TRUSTSTORE_PATH
+ value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
+ - name: TRUSTSTORE_PASSWORD
+ value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ name: certs
+ - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }}
+ name: certservice-tls-volume
+ {{ end }}
+
- name: {{ include "common.name" . }}-chown
- image: "busybox"
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ command:
+ - sh
+ args:
+ - -c
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
+{{- if .Values.global.aafEnabled }}
+ - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
+{{- end }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
value: {{ include "common.mariadbService" . }}
- name: JAVA_HOME
value: "{{ .Values.config.javaHome}}"
+ - name: JAVA_OPTS
+ value: "-Xms{{.Values.config.odl.javaOptions.minMemory}} -Xmx{{.Values.config.odl.javaOptions.maxMemory}}"
+ - name: KARAF_CONSOLE_LOG_LEVEL
+ value: "{{ include "common.log.level" . }}"
+ - name: SDNRWT
+ value: "{{ .Values.config.sdnr.enabled | default "false"}}"
+ {{- if eq .Values.config.sdnr.mode "web" }}
+ - name: SDNRDM
+ value: "true"
+ {{- end }}
+ - name: SDNRONLY
+ value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+ - name: SDNRDBURL
+ {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
+ value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
+ - name: SDNRDBTRUSTALLCERTS
+ value: "true"
+ {{ end }}
+
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
- mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg
name: sdnc-logging-cfg-config
subPath: org.ops4j.pax.logging.cfg
- - mountPath: {{ .Values.config.binDir }}/startODL.sh
- name: bin
- subPath: startODL.sh
- mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
name: bin
subPath: installSdncDb.sh
- mountPath: {{ .Values.config.odl.binDir }}/setenv
name: properties
subPath: setenv
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-registrar.properties
+ name: properties
+ subPath: mountpoint-registrar.properties
+ - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
+ name: properties
+ subPath: mountpoint-state-provider.properties
+ {{ if .Values.global.cmpv2Enabled }}
+ - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
+ name: certs
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: properties
emptyDir:
medium: Memory
+ {{ if .Values.global.cmpv2Enabled }}
+ - name: certs
+ emptyDir:
+ medium: Memory
+ - name: certservice-tls-volume
+ secret:
+ secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ platform:
+ certServiceClient:
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ secret:
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
+ envVariables:
+ # Certificate related
+ cert_path: /var/custom-certs
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
+ common_name: "sdnc.simpledemo.onap.org"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
+ requestTimeout: "30000"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
+ keystorePassword: "secret"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
+ truststorePassword: "secret"
#################################################################
# Secrets metaconfig
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
-
#################################################################
# Application configuration defaults.
#################################################################
# application images
+
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.4
-
+image: onap/sdnc-image:2.0.4
+busyboxRepository: docker.io
+busyboxImage: busybox:1.30
# flag to enable debugging - application support required
debugEnabled: false
logstashPort: 5044
ansibleServiceName: sdnc-ansible-server
ansiblePort: 8000
- javaHome: /usr/lib/jvm/java-1.8-openjdk
+ javaHome: /opt/java/openjdk
odl:
etcDir: /opt/opendaylight/etc
binDir: /opt/opendaylight/bin
+ gcLogDir: /opt/opendaylight/data/log
salConfigDir: /opt/opendaylight/system/org/opendaylight/controller/sal-clustering-config
- salConfigVersion: 1.8.2
+ salConfigVersion: 1.9.1
akka:
seedNodeTimeout: 15s
circuitBreaker:
javaOptions:
maxGCPauseMillis: 100
parallelGCThreads : 3
- numberGGLogFiles: 10
+ numberGCLogFiles: 10
+ minMemory: 512m
+ maxMemory: 2048m
+ gcLogOptions: ""
+ # Next line enables gc logging
+ # gcLogOptions: "-Xlog:gc=trace:file={{.Values.config.odl.gcLogDir}}/gc-%t.log}:time,level,tags:filecount={{.Values.config.odl.javaOptions.numberGCLogFiles}}"
+ # enables sdnr functionality
+ sdnr:
+ enabled: true
+ # mode: web - SDNC contains device manager only plus dedicated webserver service for ODLUX (default),
+ # mode: dm - SDNC contains sdnr device manager + ODLUX components
+ mode: dm
+ # sdnronly: true starts sdnc container with odl and sdnrwt features only
+ sdnronly: false
+ sdnrdbTrustAllCerts: true
+ mountpointRegistrarEnabled: false
+ mountpointStateProviderEnabled: false
+
+
# dependency / sub-chart configuration
certInitializer:
nameOverride: sdnc-cert-initializer
+ truststoreMountpath: /opt/onap/sdnc/data/stores
fqdn: "sdnc"
app_ns: "org.osaaf.aaf"
fqi: "sdnc@sdnc.onap.org"
cd /opt/app/osaaf/local;
/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
+# dependency / sub-chart configuration
+network-name-gen:
+ enabled: true
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
config: &mariadbGaleraConfig
enabled: false
dmaap-listener:
+ enabled: true
nameOverride: sdnc-dmaap-listener
mariadb-galera:
<<: *mariadbGalera
odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ enabled: true
mariadb-galera:
<<: *mariadbGalera
config:
configDir: /opt/onap/sdnc/data/properties
odlCredsExternalSecret: *odlCredsSecretName
-sdnc-portal:
- mariadb-galera:
- <<: *mariadbGalera
- config:
- <<: *mariadbGaleraConfig
- mysqlDatabase: *sdncDbName
- config:
- sdncChartName: sdnc
- configDir: /opt/onap/sdnc/data/properties
- odlCredsExternalSecret: *odlCredsSecretName
-
sdnc-ansible-server:
+ enabled: true
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
internalPort: 8000
dgbuilder:
+ enabled: true
nameOverride: sdnc-dgbuilder
+ certInitializer:
+ nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName
- baseaddr: "sdnc-dgbuilder"
name: "sdnc-dgbuilder"
port: 3000
+ - baseaddr: "sdnc-web-service"
+ name: "sdnc-web-service"
+ port: 8443
config:
ssl: "redirect"
+
+
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
- nameOverride: sdnrdb
+ nameOverride: &elasticSearchName sdnrdb
name: sdnrdb-cluster
certInitializer:
fqdn: "sdnc"
fqi_namespace: org.onap.sdnc
fqi: "sdnc@sdnc.onap.org"
service:
- name: sdnrdb
-
+ name: *elasticSearchName
master:
replicaCount: 3
# dedicatednode: "yes"
# dedicatednode: "no"
# handles master and data node functionality
dedicatednode: "no"
- nameOverride: sdnrdb
-
- curator:
- enabled: true
- nameOverride: sdnrdb
- data:
- enabled: true
- replicaCount: 1
- nameOverride: sdnrdb
-
-
+ nameOverride: *elasticSearchName
+ cluster_name: *elasticSearchName
+# enable
+sdnc-web:
+ enabled: true
# default number of instances
replicaCount: 1
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/current/daexim
+certpersistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 50Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sdnc/certs
+ certPath: /opt/app/osaaf
+ ##storageClass: "manual"
+
ingress:
enabled: false
service:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
template:
metadata:
labels:
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
+*/}}
apiVersion: v1
kind: Service
nodePortPrefix: 302
# application image
-repository: nexus3.onap.org:10001
image: onap/sniroemulator:1.0.0
pullPolicy: IfNotPresent
.project
.idea/
*.tmproj
+components/
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
- ssl-enable: false
-mso:
- logPath: ./logs/soappcorch
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
- msoKey: {{ .Values.global.app.msoKey }}
- config:
- {{ if eq .Values.global.security.aaf.enabled true }}
- cadi: {{ include "cadi.keys" . | nindent 8}}
- {{- else }}
- cadi:
- aafId: {{ .Values.mso.basicUser }}
- {{- end }}
- workflow:
- endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- topics:
- retryMultiplier: 1000
-appc:
- client:
- topic:
- read:
- name: {{ .Values.appc.client.topic.read.name }}
- timeout: {{ .Values.appc.client.topic.read.timeout }}
- write: {{ .Values.appc.client.topic.write }}
- sdnc:
- read: {{ .Values.appc.client.topic.sdnc.read }}
- write: {{ .Values.appc.client.topic.sdnc.write }}
- response:
- timeout: {{ .Values.appc.client.response.timeout }}
- key: {{ .Values.appc.client.key }}
- secret: {{ .Values.appc.client.secret }}
- service: ueb
- poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
-spring:
- security:
- usercredentials:
- -
- username: ${ACTUATOR_USERNAME}
- password: ${ACTUATOR_PASSWORD}
- role: ACTUATOR
+++ /dev/null
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - name: {{ include "common.name" . }}-pass-encoder
- command:
- - sh
- args:
- {{/* bcrypt plain text and convert to OpenBSD variant using sed */}}
- - -c
- - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded;
- env:
- - name: ACTUATOR_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
- image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: encoder
- mountPath: /tmp/app
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- env:
- - name: ACTUATOR_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: encoder
- mountPath: /tmp/app
- - name: config
- mountPath: /app/config
- readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: encoder
- emptyDir:
- medium: Memory
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
- htpasswdImage: xmartlabs/htpasswd
- dockerHubRepository: docker.io
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- - uid: server-actuator-creds
- name: '{{ include "common.release" . }}-so-appc-actuator-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
- login: '{{ .Values.server.actuator.username }}'
- password: '{{ .Values.server.actuator.password }}'
- passwordPolicy: required
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/so-appc-orchestrator:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-server:
- actuator:
- username: mso_admin
- password: password1$
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8080
-logPath: ./logs/soappcorch
-app: appc-orchestrator
-service:
- name: so-appc-orchestrator
- type: ClusterIP
- ports:
- - port: 8080
- name: http
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: so-bpmn-infra
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
- dme2:
- timeout: '30000'
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- workflowAaiDistributionDelay: PT30S
- pnfEntryNotificationTimeout: P14D
-cds:
- endpoint: cds-blueprints-processor-grpc
- port: 9111
- auth: {{ .Values.cds.auth }}
- timeout: 600
-camunda:
- bpm:
- admin-user:
- id: admin
- password: admin
- history-level: full
- job-execution:
- max-pool-size: 30
- core-pool-size: 3
-entitymanager:
- packagesToScan: com
-pnf:
- dmaap:
- host: message-router
- port: 3904
- protocol: http
- uriPathPrefix: events
- topicName: unauthenticated.PNF_READY
- consumerGroup: consumerGroup
- consumerId: consumerId
- topicListenerDelayInSeconds: 5
-bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
-msb-ip: msb-iag
-msb-port: 80
-mso:
- rainyDay:
- retryDurationMultiplier: 2
- maxRetries: 5
- msoKey: {{ .Values.mso.key }}
- correlation:
- timeout: 60
- logPath: logs
- config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
- async:
- core-pool-size: 50
- max-pool-size: 50
- queue-capacity: 500
- adapters:
- completemsoprocess:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
- requestDb:
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
- db:
- auth: {{ .Values.mso.adapters.db.auth }}
- password: {{ .Values.mso.adapters.db.password }}
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
- spring:
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- network:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/NetworkAdapter
- rest:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/networks
- openecomp:
- db:
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
- po:
- auth: {{ .Values.mso.adapters.po.auth }}
- sdnc:
- endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
- rest:
- endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/v1/sdnc
- timeout: PT60M
- tenant:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/TenantAdapter
- vnf:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter
- rest:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs
- volume-groups:
- rest:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups
- vnf-async:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync
- vfc:
- rest:
- endpoint: http://so-vfc-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter
- workflow:
- message:
- endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- nssmf:
- endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088
- bpmn:
- process:
- historyTimeToLive: '30'
- callbackRetryAttempts: '5'
- catalog:
- db:
- endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082/ecomp/mso/catalog
- spring:
- endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
- db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
- default:
- adapter:
- namespace: http://org.onap.mso
- healthcheck:
- log:
- debug: 'false'
- infra:
- endpoint:
- url: http://so.{{ include "common.namespace" . }}:8080/onap/so/infra
- customer:
- id: testCustIdInfra
- po:
- timeout: PT60M
- request:
- db:
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
- rollback: 'true'
- sdnc:
- password: {{ .Values.mso.sdnc.password }}
- service:
- agnostic:
- sniro:
- endpoint: /sniro/api/v2/placement
- host: http://sniro-emulator:80
- site-name: CamundaEngine
- sniro:
- auth: {{ .Values.mso.sniro.auth }}
- callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
- endpoint: {{ .Values.mso.sniro.endpoint }}
- timeout: PT30M
- oof:
- auth: {{ .Values.mso.oof.auth }}
- callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
- timeout: PT30M
- workflow:
- CreateGenericVNFV1:
- aai:
- volume-group:
- uri: /aai/v6/cloud-infrastructure/volume-groups/volume-group
- default:
- aai:
- version: '14'
- cloud-region:
- version: '14'
- generic-vnf:
- version: '14'
- v14:
- customer:
- uri: /aai/v14/business/customers/customer
- generic-query:
- uri: /aai/v14/search/generic-query
- generic-vnf:
- uri: /aai/v14/network/generic-vnfs/generic-vnf
- l3-network:
- uri: /aai/v14/network/l3-networks/l3-network
- network-policy:
- uri: /aai/v14/network/network-policies/network-policy
- nodes-query:
- uri: /aai/v14/search/nodes-query
- route-table-reference:
- uri: /aai/v14/network/route-table-references/route-table-reference
- tenant:
- uri: /aai/v14/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant
- vce:
- uri: /aai/v14/network/vces/vce
- vpn-binding:
- uri: /aai/v14/network/vpn-bindings/vpn-binding
- sp-partner:
- uri: /aai/v14/business/sp-partners/sp-partner
- device:
- uri: /aai/v14/network/devices/device
- v11:
- customer:
- uri: /aai/v11/business/customers/customer
- generic-query:
- uri: /aai/v11/search/generic-query
- generic-vnf:
- uri: /aai/v11/network/generic-vnfs/generic-vnf
- l3-network:
- uri: /aai/v11/network/l3-networks/l3-network
- network-policy:
- uri: /aai/v11/network/network-policies/network-policy
- nodes-query:
- uri: /aai/v11/search/nodes-query
- route-table-reference:
- uri: /aai/v11/network/route-table-references/route-table-reference
- tenant:
- uri: /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant
- vce:
- uri: /aai/v11/network/vces/vce
- vpn-binding:
- uri: /aai/v11/network/vpn-bindings/vpn-binding
- v8:
- configuration:
- uri: /aai/v11/network/configurations/configuration
- customer:
- uri: /aai/v8/business/customers/customer
- generic-query:
- uri: /aai/v8/search/generic-query
- l3-network:
- uri: /aai/v8/network/l3-networks/l3-network
- network-policy:
- uri: /aai/v8/network/network-policies/network-policy
- nodes-query:
- uri: /aai/v8/search/nodes-query
- route-table-reference:
- uri: /aai/v8/network/route-table-references/route-table-reference
- tenant:
- uri: /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant
- vce:
- uri: /aai/v8/network/vces/vce
- vpn-binding:
- uri: /aai/v8/network/vpn-bindings/vpn-binding
- v9:
- cloud-region:
- uri: /aai/v9/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner
- generic-vnf:
- uri: /aai/v9/network/generic-vnfs/generic-vnf
- retry:
- attempts: '1'
- deleteCinderVolumeV1:
- aai:
- volume-group:
- uri: /aai/v6/cloud-infrastructure/volume-groups/volume-group
- global:
- default:
- aai:
- namespace: http://org.onap.aai.inventory/
- version: 14
- message:
- endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- notification:
- name: GenericNotificationServiceATT
- sdnc:
- replication:
- delay: PT60S
- sdncadapter:
- callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
- vnfadapter:
- create:
- callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
- delete:
- callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
- query:
- callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
- rollback:
- callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
- use:
- qualified:
- host: false
- global:
- dmaap:
- username: testuser
- password: alRyMzJ3NUNeakxl
- host: http://10.42.111.36:904
- publisher:
- topic: replaceme
- naming:
- endpoint: http://naming.demo.onap.com:8081/web/service/v1/genNetworkElementName
- auth: Basic bTA0NzY4QG5vbi1wcm9kLm1zby5lY29tcC5hdHQuY29tOkF0dG0wNDc2OExpZmUhQA==
-policy:
- auth: Basic dGVzdHBkcDphbHBoYTEyMw==
- default:
- disposition: Skip
- client:
- auth: Basic bTAzNzQzOnBvbGljeVIwY2sk
- endpoint: http://pdp.{{ include "common.namespace" . }}:8081/pdp/api/
- environment: TEST
-sdnc:
- auth: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
- host: http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}
- path: /restconf/operations/GENERIC-RESOURCE-API
- si:
- svc:
- types: PORT-MIRROR,PPROBE
- dmaap:
- host: http://message-router.{{ include "common.namespace" . }}:3904
- timeout: 30000
- lcm:
- path: '/restconf/operations/LCM:'
- actionTimeout: 300000
- dmapp:
- readTopic: SDNC-LCM-WRITE
- writeTopic: SDNC-LCM-READ
-appc:
- client:
- topic:
- read:
- name: APPC-LCM-WRITE
- timeout: 360000
- write: APPC-LCM-READ
- sdnc:
- read: SDNC-LCM-WRITE
- write: SDNC-LCM-READ
- response:
- timeout: 360000
- key: VIlbtVl6YLhNUrtU
- secret: 64AG2hF4pYeG2pq7CT6XwUOT
- service: ueb
- poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
-sniro:
- conductor:
- enabled: true
- host: http://sniro-emulator:80
- uri: /v1/release-orders
- headers.auth: Basic dGVzdDp0ZXN0cHdk
- manager:
- timeout: PT30M
- host: http://sniro-emulator:80
- uri.v1: /sniro/api/v2/placement
- uri.v2: /sniro/api/placement/v2
- headers.auth: Basic dGVzdDp0ZXN0cHdk
- headers.patchVersion: 1
- headers.minorVersion: 1
- headers.latestVersion: 2
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-spring:
- datasource:
- hikari:
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- pool-name: bpmn-pool
- registerMbeans: true
- security:
- usercredentials:
- -
- username: apihBpmn
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPMN-Client
- -
- username: sdncaBpmn
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPMN-Client
- -
- username: poBpmn
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPMN-Client
- -
- username: wmaBpmn
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPMN-Client
- -
- username: sniro
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SNIRO-Client
- -
- username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-so:
- vnfm:
- adapter:
- url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
- auth: {{ .Values.so.vnfm.adapter.auth }}
-org:
- onap:
- so:
- cloud-owner: CloudOwner
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
-
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
- #This configuration specifies Service and port for SDNC OAM interface
- sdncOamService: sdnc-oam
- sdncOamPort: 8282
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8081
-logPath: ./logs/bpmn/
-app: so-bpmn-infra
-service:
- type: ClusterIP
- internalPort: 8081
- externalPort: 8081
- portName: so-bpmn-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: large
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-ssl-enable: false
-mso:
- logPath: logs
- site-name: onapheat
- config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
- catalog:
- db:
- spring:
- endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
- db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
-spring:
- datasource:
- hikari:
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- pool-name: catdb-pool
- registerMbeans: true
- security:
- usercredentials:
- -
- username: bpel
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPEL-Client
- -
- username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-#Actuator
-management:
- context-path: /manage
-cloud_config:
- identity_services:
- RAX_KEYSTONE:
- identity_url: "https://identity.api.rackspacecloud.com/v2.0"
- mso_id: "RACKSPACE_ACCOUNT_ID"
- mso_pass: "RACKSPACE_ACCOUNT_APIKEY"
- admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
- member_role: "admin"
- tenant_metadata: true
- identity_server_type: "KEYSTONE"
- identity_authentication_type: "RACKSPACE_APIKEY"
- project_domain_name: "PROJECT_DOMAIN_NAME"
- user_domain_name: "USER_DOMAIN_NAME"
- DEFAULT_KEYSTONE:
- identity_url: "{{ .Values.config.openStackKeyStoneUrl }}"
- mso_id: "{{ .Values.config.openStackUserName }}"
- mso_pass: "{{ .Values.config.openStackEncryptedPasswordHere }}"
- admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
- member_role: "admin"
- tenant_metadata: true
- identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}"
- identity_authentication_type: "USERNAME_PASSWORD"
- project_domain_name: "{{ .Values.config.openStackProjectDomainName }}"
- user_domain_name: "{{ .Values.config.openStackUserDomainName }}"
- cloud_sites:
- Dallas:
- region_id: "DFW"
- clli: "DFW"
- aic_version: "2.5"
- identity_service_id: "RAX_KEYSTONE"
- Northern Virginia:
- region_id: "IAD"
- clli: "IAD"
- aic_version: "2.5"
- identity_service_id: "RAX_KEYSTONE"
- Chicago:
- region_id: "ORD"
- clli: "ORD"
- aic_version: "2.5"
- identity_service_id: "RAX_KEYSTONE"
- RegionOne:
- region_id: "RegionOne"
- clli: "RegionOne"
- aic_version: "2.5"
- identity_service_id: "DEFAULT_KEYSTONE"
- DEFAULT:
- region_id: "{{ .Values.config.openStackRegion }}"
- clli: "{{ .Values.config.openStackRegion }}"
- aic_version: "2.5"
- identity_service_id: "DEFAULT_KEYSTONE"
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8082
-logPath: ./logs/catdb/
-app: catalog-db-adapter
-service:
- type: ClusterIP
- internalPort: 8082
- externalPort: 8082
- portName: so-catdb-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8082
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-config:
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
- openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
- openStackProjectDomainName: "openStackProjectDomainName"
- openStackUserDomainName: "openStackUserDomainName"
- # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
- openStackKeystoneVersion: "KEYSTONE"
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: A Helm chart for DB secrets
-name: so-db-secrets
-version: 6.0.0
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.release" . }}-so-db-secrets
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }}
- mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }}
- mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }}
- mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }}
- mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }}
- mariadb.admin.password: {{ .Values.db_admin_password | b64enc | quote }}
-type: Opaque
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-db_admin_username: so_admin
-db_admin_password: so_Admin123
-db_username: so_user
-db_password: so_User123
-
+++ /dev/null
-#!/bin/sh
-#
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-#
-# ECOMP and OpenECOMP are trademarks
-# and service marks of AT&T Intellectual Property.
-#
-
-echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
-DROP DATABASE IF EXISTS camundabpmn;
-CREATE DATABASE camundabpmn;
-DROP USER IF EXISTS '${CAMUNDA_DB_USER}';
-CREATE USER '${CAMUNDA_DB_USER}';
-GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION;
-FLUSH PRIVILEGES;
-EOF
-
-cd /docker-entrypoint-initdb.d/db-sql-scripts
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1
-
-echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1
+++ /dev/null
-#!/bin/sh
-#
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-#
-# ECOMP and OpenECOMP are trademarks
-# and service marks of AT&T Intellectual Property.
-#
-
-echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
-DROP DATABASE IF EXISTS requestdb;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS '${REQUEST_DB_USER}';
-CREATE USER '${REQUEST_DB_USER}';
-GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION;
-FLUSH PRIVILEGES;
-EOF
-
-echo "Created requestdb database . . ." 1>>/tmp/mariadb-requestdb.log 2>&1
+++ /dev/null
-#!/bin/sh
-#
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-#
-# ECOMP and OpenECOMP are trademarks
-# and service marks of AT&T Intellectual Property.
-#
-
-echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
-DROP DATABASE IF EXISTS catalogdb;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS '${CATALOG_DB_USER}';
-CREATE USER '${CATALOG_DB_USER}';
-GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION;
-FLUSH PRIVILEGES;
-EOF
-
-echo "Created catalogdb database . . ." 1>>/tmp/mariadb-catalogdb.log 2>&1
+++ /dev/null
-#!/bin/sh
-#
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-#
-# ECOMP and OpenECOMP are trademarks
-# and service marks of AT&T Intellectual Property.
-#
-
-echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
-DROP USER IF EXISTS '${DB_USER}';
-CREATE USER '${DB_USER}';
-GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
-FLUSH PRIVILEGES;
-EOF
-
-echo "Created so user . . ." 1>>/tmp/mariadb-so-user.log 2>&1
+++ /dev/null
-#!/bin/sh
-#
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-#
-# ECOMP and OpenECOMP are trademarks
-# and service marks of AT&T Intellectual Property.
-#
-
-echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
-DROP USER IF EXISTS '${DB_ADMIN}';
-CREATE USER '${DB_ADMIN}';
-GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
-GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
-FLUSH PRIVILEGES;
-EOF
-
-echo "Created so admin user . . ." 1>>/tmp/mariadb-so-admin.log 2>&1
+++ /dev/null
-# Copyright 2018 © Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-mariadb-sh
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-mariadb-sql
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/docker-entrypoint-initdb.d/db-sql-scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-{{- if .Values.global.migration.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-backup
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": pre-upgrade,pre-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": before-hook-creation
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- containers:
- - name: {{ include "common.fullname" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.global.migration.dbHost }}
- - name: DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
- - name: DB_PORT
- value: "{{ .Values.global.migration.dbPort }}"
- - name: DB_PASS
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
- command:
- - /bin/bash
- - -c
- - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb > /var/data/mariadb/backup-`date +%s`.sql
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: backup-storage
- mountPath: /var/data/mariadb
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: backup-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-migration
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
----
-{{- end }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-job
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": post-upgrade,post-rollback,post-install
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": before-hook-creation
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/bash
- - -c
- - >
- mysql() { /usr/bin/mysql -h ${DB_HOST} -P ${DB_PORT} "$@"; };
- export -f mysql;
- mysql --user=root --password=${MYSQL_ROOT_PASSWORD} requestdb -e exit > /dev/null 2>&1 {{ if not .Values.global.migration.enabled }} && echo "Database already initialized!!!" && exit 0 {{ end }};
- for f in /docker-entrypoint-initdb.d/*; do case "$f" in *.sh) echo "$0: running $f"; . "$f" ;; *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; esac; echo; done;
- {{- if .Values.global.migration.enabled }}
- mysql -vv --user=root --password=${MYSQL_ROOT_PASSWORD} < `ls -tr /var/data/mariadb/* | tail -1`;
- {{- end }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
- - name: DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- - name: CAMUNDA_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }}
- - name: CAMUNDA_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }}
- - name: REQUEST_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }}
- - name: REQUEST_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }}
- - name: CATALOG_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
- - name: CATALOG_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: docker-entrypoint-initdb-d-sh
- mountPath: "/docker-entrypoint-initdb.d"
- - name: docker-entrypoint-initdb-d-sql
- mountPath: "/docker-entrypoint-initdb.d/db-sql-scripts"
- {{- if .Values.global.migration.enabled }}
- - name: backup-storage
- mountPath: /var/data/mariadb
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: docker-entrypoint-initdb-d-sh
- configMap:
- name: {{ include "common.fullname" . }}-mariadb-sh
- - name: docker-entrypoint-initdb-d-sql
- configMap:
- name: {{ include "common.fullname" . }}-mariadb-sql
- {{- if .Values.global.migration.enabled }}
- - name: backup-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-migration
- {{- end }}
- restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- ubuntuInitRepository: registry.hub.docker.com
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-pass
- name: '{{ include "common.release" . }}-so-mariadb-root-pass'
- type: password
- externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}'
- password: '{{ .Values.db.rootPassword }}'
- passwordPolicy: required
- - uid: db-backup-creds
- name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}'
- login: '{{ .Values.db.backupUser }}'
- password: '{{ .Values.db.backupPassword }}'
- passwordPolicy: required
- annotations:
- helm.sh/hook: pre-upgrade,pre-install
- helm.sh/hook-weight: "0"
- helm.sh/hook-delete-policy: before-hook-creation
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- - uid: camunda-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}'
- login: '{{ .Values.db.camunda.userName }}'
- password: '{{ .Values.db.camunda.password }}'
- - uid: request-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}'
- login: '{{ .Values.db.request.userName }}'
- password: '{{ .Values.db.request.password }}'
- - uid: catalog-db-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
- login: '{{ .Values.db.catalog.userName }}'
- password: '{{ .Values.db.catalog.password }}'
-
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: mariadb:10.1.38
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-
-# db config
-db:
- rootPassword: secretpassword
- # rootPasswordExternalSecret: some secret
- backupPassword: secretpassword
- backupUser: root
- # backupCredsExternalSecret: some secret
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
- camunda:
- userName: camundauser
- password: camunda123
- # dbCredsExternalSecret: some secret
- request:
- userName: requestuser
- password: request123
- # dbCredsExternalSecret: some secret
- catalog:
- userName: cataloguser
- password: catalog123
- # dbCredsExternalSecret: some secret
-
-# application configuration
-config:
- # gerrit branch where the latest heat code is checked in
- gerritBranch: master
- # gerrit project where the latest heat code is checked in
- gerritProject: http://gerrit.onap.org/r/so/docker-config.git
-# default number of instances
-nodeSelector: {}
-affinity: {}
-
-ingress:
- enabled: false
-
-# Resource Limit flavor
-flavor: small
-
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
-
-persistence:
- enabled: true
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteMany
- size: 2Gi
-
- mountPath: /dockerdata-nfs
- mountSubPath: so/migration
+++ /dev/null
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-ssl-enable: false
-camunda:
- rest:
- api:
- url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/
- engine: default
- auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA==
-mso:
- database:
- rest:
- api:
- url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
- auth: Basic YnBlbDpwYXNzd29yZDEk
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-# @author: gareth.roper@ericsson.com
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-# @author: gareth.roper@ericsson.com
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - name: so-chown
- image: alpine:3.6
- volumeMounts:
- - name: logs
- mountPath: /app/logs
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /app/logs"]
- restartPolicy: Always
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- readinessProbe:
- tcpSocket:
- port: {{ index .Values.readinessProbe.port }}
- initialDelaySeconds: {{ index .Values.readinessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.readinessProbe.periodSeconds}}
- livenessProbe:
- tcpSocket:
- port: {{ index .Values.livenessProbe.port }}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
-
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-# @author: gareth.roper@ericsson.com
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
-
-
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-# @author: gareth.roper@ericsson.com
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 9091
-logPath: app/logs/
-app: so-monitoring
-service:
-#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: ClusterIP
- nodePort: 24
- internalPort: 9091
- externalPort: 9091
- portName: so-monitor-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-#Segregation for different environment (Small or large)
-resources:
- small:
- requests:
- memory: 1Gi
- cpu: 10m
- limits:
- memory: 4Gi
- cpu: 1
- large:
- requests:
- memory: 2Gi
- cpu: 20m
- limits:
- memory: 8Gi
- cpu: 2
-readinessProbe:
- port: 9091
- initialDelaySeconds: 20
- periodSeconds: 10
- timeoutSeconds: 10
-livenessProbe:
- port: 9091
- initialDelaySeconds: 40
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
- service:
- - baseaddr: "somonitoring"
- name: "so-monitoring"
- port: 9091
- config:
- ssl: "none"
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
-logging:
- path: logs
-spring:
- datasource:
- jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- jpa:
- show-sql: false
- hibernate:
- dialect: org.hibernate.dialect.MySQL5Dialect
- ddl-auto: validate
- naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
- enable-lazy-load-no-trans: true
- security:
- usercredentials:
- - username: ${BPEL_USERNAME}
- password: ${BPEL_PASSWORD}
- role: BPEL-Client
- - username: ${ACTUATOR_USERNAME}
- password: ${ACTUATOR_PASSWORD}
- role: ACTUATOR
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-
-mso:
- site-name: localSite
- logPath: ./logs/nssmf
- msb-ip: msb-iag.{{ include "common.namespace" . }}
- msb-port: 80
- adapters:
- requestDb:
- endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
-#Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: "*"
- metrics:
- se-global-registry: false
- export:
- prometheus:
- enabled: true # Whether exporting of metrics to Prometheus is enabled.
- step: 1m # Step size (i.e. reporting frequency) to use.
+++ /dev/null
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
----
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- ports: {{- include "common.containerPorts" . | nindent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
- - name: TRUSTSTORE
- value: {{ .Values.global.client.certs.truststore }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: BPEL_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
- - name: BPEL_PASSWORD_INPUT
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }}
- - name: ACTUATOR_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- - name: ACTUATOR_PASSWORD_INPUT
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: KEYSTORE
- value: {{ .Values.global.client.certs.keystore }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-env
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
- livenessProbe:
- httpGet:
- path: {{ index .Values.livenessProbe.path}}
- port: {{ index .Values.containerPort }}
- scheme: {{ index .Values.livenessProbe.scheme}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- - uid: server-bpel-creds
- name: '{{ include "common.release" . }}-so-server-bpel-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
- login: '{{ .Values.server.bpel.username }}'
- password: '{{ .Values.server.bpel.password }}'
- passwordPolicy: required
- - uid: server-actuator-creds
- name: '{{ include "common.release" . }}-so-server-actuator-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
- login: '{{ .Values.server.actuator.username }}'
- password: '{{ .Values.server.actuator.password }}'
- passwordPolicy: required
-
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-server:
- actuator:
- username: mso_admin
- password: password1$
- bpel:
- username: bpel
- password: password1$
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8088
-logPath: ./logs/nssmf/
-app: nssmf-adapter
-service:
- type: ClusterIP
- ports:
- - name: api
- port: 8088
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8088
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
-server:
- port: {{ index .Values.containerPort }}
-spring:
- datasource:
- hikari:
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- pool-name: catdb-pool
- registerMbeans: false
- security:
- usercredentials:
- -
- username: sdnc
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SDNC-Client
- -
- username: sitecontrol
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SiteControl-Client
- -
- username: bpel
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPEL-Client
- -
- username: sniro
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SNIRO-Client
- -
- username: apih
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: MSO-Client
- -
- username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-org:
- onap:
- so:
- adapters:
- default_keystone_url_version: /v2.0
- default_keystone_reg_ex: "/[vV][0-9]"
- vnf:
- bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
- checkRequiredParameters: true
- addGetFilesOnVolumeReq: false
- sockettimeout: 30
- connecttimeout: 30
- retrycount: 5
- retryinterval: -15
- retrylist: 408,429,500,502,503,504,900
- valet_enabled: false
- fail_requests_on_valet_failure: false
- network:
- bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
- sockettimeout: 5
- connecttimeout: 5
- retrycount: 5
- retryinterval: -15
- retrylist: 408,429,500,502,503,504,900
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
- tenant:
- default_keystone_url_version: /v2.0
- default_keystone_reg_ex: "/[vV][0-9]"
- default_tenant_description: Tenant
- default_region_type: single
- default_user_role: admin
- default_success_status_string: Success
- default_no_regions_status_string: no regions
- default_quota_value: 10
- set_default_quota: false
-ecomp:
- mso:
- adapters:
- po:
- retryCodes: 504
- retryDelay: 5
- retryCount: 3
- pollTimeout: 7500
- pollInterval: 15
-mso:
- adapters:
- requestDb:
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
- logPath: ./logs/openstack
- msb-ip: msb-iag
- msb-port: 443
- msb-scheme: https
- workflow:
- endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- msoKey: {{ .Values.mso.msoKey }}
- config:
- {{ if eq .Values.global.security.aaf.enabled true }}
- cadi: {{ include "cadi.keys" . | nindent 8}}
- {{- else }}
- cadi:
- aafId: {{ .Values.mso.basicUser }}
- {{- end }}
- catalog:
- db:
- spring:
- endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
- db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
- site-name: localDevEnv
- async:
- core-pool-size: 50
- max-pool-size: 50
- queue-capacity: 500
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-image: onap/so/openstack-adapter:1.6.4
-pullPolicy: Always
-repository: nexus3.onap.org:10001
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8087
-logPath: ./logs/openstack/
-app: openstack-adapter
-service:
- type: ClusterIP
- internalPort: 8087
- externalPort: 8087
- portName: so-optack-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8087
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-config:
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
- openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# will be used as entry in DB to say SITE OFF/ON for healthcheck
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-ssl-enable: false
-mso:
- logPath: logs
- site-name: localSite
- config:
- cadi: {{- include "cadi.keys" . | nindent 8}}
- adapters:
- requestDb:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-spring:
- datasource:
- hikari:
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- pool-name: reqdb-pool
- registerMbeans: true
- security:
- usercredentials:
- -
- username: bpel
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPEL-Client
- -
- username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-#Actuator
-management:
- context-path: /manage
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8083
-logPath: ./logs/reqdb/
-app: request-db-adapter
-service:
- type: ClusterIP
- internalPort: 8083
- externalPort: 8083
- portName: so-reqdb-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-aai:
- auth: {{.Values.aai.auth}}
-server:
- port: {{ index .Values.containerPort }}
-spring:
- datasource:
- hikari:
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- pool-name: catdb-pool
- registerMbeans: false
- security:
- usercredentials:
- -
- username: asdc
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: Asdc-Client
- -
- username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-request:
- datasource:
- hikari:
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- driver-class-name: org.mariadb.jdbc.Driver
- pool-name: reqdb-pool
- registerMbeans: false
-mso:
- msoKey: {{ index .Values.mso.msoKey }}
- logPath: ./logs/sdc
- config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
- catalog:
- db:
- spring:
- endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
- db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
- site-name: onapheat
- camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- adapters:
- requestDb:
- endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
- aai:
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- asdc-connections:
- asdc-controller1:
- user: mso
- consumerGroup: SO-OpenSource-Env11
- consumerId: SO-COpenSource-Env11
- environmentName: AUTO
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
- password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
- pollingInterval: 60
- pollingTimeout: 60
- relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
- useHttpsWithDmaap: false
- activateServerTLSAuth: false
- keyStorePassword:
- keyStorePath:
- watchDogTimeout: 300
- isFitlerInEmptyResources: true
- messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }}
- asdc:
- config:
- activity:
- endpoint: http://sdc-wfd-be:8080
- key: {{ .Values.mso.asdc.config.key }}
- components:
- count: 3,
- componentNames: SO,AAI,SDNC
- scheduling:
- enabled: false
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8085
-logPath: ./logs/sdc/
-app: sdc-controller
-service:
- type: ClusterIP
- internalPort: 8085
- externalPort: 8085
- portName: so-sdc-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8085
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-server:
- port: {{ index .Values.containerPort }}
-mso:
- async:
- core-pool-size: 50
- max-pool-size: 50
- queue-capacity: 500
- logPath: ./logs/sdnc
- config:
- cadi: {{ include "cadi.keys" . | nindent 14}}
- catalog:
- db:
- spring:
- endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
- db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
- site-name: onapheat
-org:
- onap:
- so:
- adapters:
- sdnc:
- '.':
- put: PUT|60000|sdncurl5|
- query: GET|60000|sdncurl2|
- restdelete: DELETE|60000|sdncurl5|
- '':
- brg-topology-operation:
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- contrail-route-topology-operation:
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- network-topology-operation:
- activate: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- assign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- changeassign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- reserve: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- port-mirror-topology-operation:
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- disable: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- enable: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- security-zone-topology-operation:
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- service-homing-operation:
- homing: POST|60000|sdncurl3|sdnc-homing-header|com:att:sdnctl:aicHoming
- service-topology-operation:
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- rollback: POST|270000|sdncur10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- svc-topology-operation:
- activate: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi
- assign: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi
- delete: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi
- vnf-topology-aic-operation:
- activate: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic
- assign: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic
- tunnelxconn-topology-operation:
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- vnf-topology-operation:
- activate: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- assign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- changeassign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
- bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
- opticalservice:
- optical-service-create:
- create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
- optical-service-delete:
- delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
- generic-resource:
- network-topology-operation:
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- vf-module-topology-operation:
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- changedelete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- vnf-topology-operation:
- create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- changedelete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
- infra:
- '':
- query: GET|60000|sdncurl5|
- mobility:
- '':
- query: GET|60000|sdncurl5|
- myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
- rest:
- bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
- sdncconnecttime: 5000
- sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
- sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
- sdncurl12: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/'
- sdncurl13: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/opticalservice:'
- sdncurl5: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/config'
- sdncurl6: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNF-API:'
- sdncurl7: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/L3UCPE-API:'
- sdncurl8: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NBNC-API:'
- sdncurl9: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NORTHBOUND-API:service-topology-operation'
- sdncurl20: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/LCM:'
- service:
- infra:
- service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
- service-topology-infra-assign-operation: POST|120000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
- service-topology-infra-delete-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
- service-topology-infra-release-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
- vfmodule:
- '':
- query: GET|60000|sdncurl12|
- lcm:
- download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
- activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
- upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
- upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
- default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
- network:
- encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
-spring:
- security:
- usercredentials:
- -
- username: sdnc
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SDNC-Client
- -
- username: sitecontrol
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SiteControl-Client
- -
- username: bpel
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPEL-Client
- -
- username: sniro
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: SNIRO-Client
- -
- username: apih
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: MSO-Client
- -
- username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: logs
- mountPath: /var/log/onap/so
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-so-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
- #This configuration specifies Service and port for SDNC OAM interface
- sdncOamService: sdnc-oam
- sdncOamPort: 8282
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8086
-logPath: ./logs/sdnc/
-app: sdnc-adapter
-service:
- type: ClusterIP
- internalPort: 8086
- externalPort: 8086
- portName: so-sdnc-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8086
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: A Helm chart for so secrets
-name: so-secrets
-version: 6.0.0
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-so-client-certs-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
- keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.release" . }}-so-truststore-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-# Copyright © 2020 Samsung# Copyright © 2020 Samsung
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-server:
- port: {{ (index .Values.service.ports 0).port }}
-
-vevnfmadapter:
- endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
-
-aai:
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
-
-dmaap:
- endpoint: http://message-router.{{ include "common.namespace" . }}:3904
+++ /dev/null
-# Copyright © 2020 Samsung
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
-data:
- APP: {{ include "common.name" . }}
----
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
-data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }}
+++ /dev/null
-# Copyright © 2020 Samsung
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ index .Values.replicaCount }}
- template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - aai
- - --container-name
- - message-router
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- livenessProbe:
- tcpSocket:
- port: {{ index .Values.livenessProbe.port }}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2020 Samsung
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2020 Samsung
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-image: onap/so/ve-vnfm-adapter:1.6.4
-pullPolicy: Always
-replicaCount: 1
-service:
- name: ve-vnfm-adapter
- type: ClusterIP
- annotations:
- msb.onap.org/service-info: |
- {{ if not .Values.global.msbDisabled -}}[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{ (index .Values.service.ports 0).port }}",
- "visualRange": "1"
- }
- ]{{ end }}
- ports:
- - name: http
- port: 9098
-flavor: small
-resources:
- small:
- limits:
- memory: 512Mi
- cpu: 500m
- requests:
- memory: 256Mi
- cpu: 250m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- port: 9098
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-logging:
- path: logs
-spring:
- datasource:
- hikari:
- driver-class-name: org.mariadb.jdbc.Driver
- jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
- username: ${DB_USERNAME}
- password: ${DB_PASSWORD}
- pool-name: reqdb-pool
- registerMbeans: true
- security:
- usercredentials:
- - username: bpel
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPEL-Client
- - username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-mso:
- site-name: localSite
- logPath: ./logs/vfc
- config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
- msb-ip: msb-iag
- msb-port: 80
- adapters:
- requestDb:
- endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
-#Actuator
-management:
- security:
- enabled: false
- basic:
- enabled: false
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
- - name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: DB_ADMIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- - name: DB_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 8084
-logPath: ./logs/vfc/
-app: vfc-adapter
-service:
- type: ClusterIP
- internalPort: 8084
- externalPort: 8084
- portName: so-vfc-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8084
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+++ /dev/null
-# Copyright © 2019 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
- version: v15
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
-spring:
- security:
- usercredentials:
- - username: vnfm
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: BPEL-Client
- - username: mso_admin
- password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
- role: ACTUATOR
-server:
- port: {{ index .Values.containerPort }}
- ssl:
- key-alias: so@so.onap.org
- key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
- key-store: classpath:so-vnfm-adapter.p12
- key-store-type: PKCS12
-http:
- client:
- ssl:
- trust-store: classpath:org.onap.so.trust.jks
- trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
-mso:
- key: {{ .Values.mso.key }}
- site-name: localSite
- logPath: ./logs/vnfm-adapter
- config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
- msb-ip: msb-iag
- msb-port: 80
-sdc:
- username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
- password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
- key: {{ .Values.sdc.key }}
- endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
-vnfmadapter:
- endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
-etsi-catalog-manager:
- vnfpkgm:
- {{- if .Values.global.msbEnabled }}
- endpoint: https://msb-iag:443/api/vnfpkgm/v1
- http:
- client:
- ssl:
- trust-store: ${TRUSTSTORE}
- trust-store-password: ${TRUSTSTORE_PASSWORD}
- {{- else }}
- endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
- {{- end }}
+++ /dev/null
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2019 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: TRUSTSTORE
- value: {{ .Values.global.client.certs.truststore }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- {{ if eq .Values.global.security.aaf.enabled true }}
- - name: KEYSTORE
- value: {{ .Values.global.client.certs.keystore }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readonly: true
- livenessProbe:
- tcpSocket:
- port: {{ index .Values.livenessProbe.port }}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
- protocol: TCP
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2019 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/so/vnfm-adapter/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2019 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.4
-pullPolicy: Always
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: 9092
-logPath: ./logs/vnfm-adapter/
-app: vnfm-adapter
-service:
- type: NodePort
- internalPort: 9092
- externalPort: 9092
- nodePort: "06"
- portName: so-vnfm-port
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- port: 9092
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
- service:
- - baseaddr: "sovnfmadapter"
- name: "so-vnfm-adapter"
- port: 9092
- config:
- ssl: "redirect"
-nodeSelector: {}
-tolerations: []
-affinity: {}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ ssl-enable: false
+mso:
+ logPath: ./logs/soappcorch
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
+ msoKey: {{ .Values.global.app.msoKey }}
+ config:
+ {{ if .Values.global.security.aaf.enabled }}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
+ topics:
+ retryMultiplier: 1000
+appc:
+ client:
+ topic:
+ read:
+ name: {{ .Values.appc.client.topic.read.name }}
+ timeout: {{ .Values.appc.client.topic.read.timeout }}
+ write: {{ .Values.appc.client.topic.write }}
+ sdnc:
+ read: {{ .Values.appc.client.topic.sdnc.read }}
+ write: {{ .Values.appc.client.topic.sdnc.write }}
+ response:
+ timeout: {{ .Values.appc.client.response.timeout }}
+ key: {{ .Values.appc.client.key }}
+ secret: {{ .Values.appc.client.secret }}
+ service: ueb
+ poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
+spring:
+ security:
+ usercredentials:
+ -
+ username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-pass-encoder
+ command:
+ - sh
+ args:
+ {{/* bcrypt plain text and convert to OpenBSD variant using sed */}}
+ - -c
+ - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded;
+ env:
+ - name: ACTUATOR_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
+ image: {{ include "repositoryGenerator.image.htpasswd" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: encoder
+ mountPath: /tmp/app
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ {{- end }}
+ /app/start-app.sh
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: encoder
+ mountPath: /tmp/app
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: encoder
+ emptyDir:
+ medium: Memory
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 AT&T USA
+# Copyright © 2020 Huawei
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-appc-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-appc-orchestrator:1.6.4
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8080
+logPath: ./logs/soappcorch
+app: appc-orchestrator
+service:
+ name: so-appc-orchestrator
+ type: ClusterIP
+ ports:
+ - port: *containerPort
+ name: http
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+
+
+#################################################################
+# soHelper part
+#################################################################
+
+soHelpers:
+ nameOverride: so-appc-cert-init
+ certInitializer:
+ nameOverride: so-appc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+auth:
+ rest:
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
+mso:
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ basicUser: poBpmn
+
+appc:
+ client:
+ topic:
+ read:
+ name: APPC-LCM-WRITE
+ timeout: 360000
+ write: APPC-LCM-READ
+ sdnc:
+ read: SDNC-LCM-WRITE
+ write: SDNC-LCM-READ
+ response:
+ timeout: 3600000
+ key: VIlbtVl6YLhNUrtU
+ secret: 64AG2hF4pYeG2pq7CT6XwUOT
+ service: ueb
--- /dev/null
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for SO Bpmn Infra
+name: so-bpmn-infra
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ dme2:
+ timeout: '30000'
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ workflowAaiDistributionDelay: PT30S
+ pnfEntryNotificationTimeout: P14D
+cds:
+ endpoint: cds-blueprints-processor-grpc
+ port: 9111
+ auth: {{ .Values.cds.auth }}
+ timeout: 600
+camunda:
+ bpm:
+ admin-user:
+ id: admin
+ password: admin
+ history-level: full
+ job-execution:
+ max-pool-size: 30
+ core-pool-size: 3
+entitymanager:
+ packagesToScan: com
+pnf:
+ dmaap:
+ host: message-router
+ port: 3904
+ protocol: http
+ uriPathPrefix: events
+ topicName: unauthenticated.PNF_READY
+ consumerGroup: consumerGroup
+ consumerId: consumerId
+ topicListenerDelayInSeconds: 5
+bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+msb-ip: msb-iag
+msb-port: 80
+mso:
+ rainyDay:
+ retryDurationMultiplier: 2
+ maxRetries: 5
+ msoKey: {{ .Values.mso.key }}
+ correlation:
+ timeout: 60
+ logPath: logs
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ async:
+ core-pool-size: 50
+ max-pool-size: 50
+ queue-capacity: 500
+ adapters:
+ completemsoprocess:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
+ requestDb:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
+ db:
+ auth: {{ .Values.mso.adapters.db.auth }}
+ password: {{ .Values.mso.adapters.db.password }}
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
+ spring:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ network:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/NetworkAdapter
+ rest:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/networks
+ openecomp:
+ db:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
+ po:
+ auth: {{ .Values.mso.adapters.po.auth }}
+ sdnc:
+ endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
+ rest:
+ endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/v1/sdnc
+ timeout: PT60M
+ tenant:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/TenantAdapter
+ vnf:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter
+ rest:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs
+ volume-groups:
+ rest:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups
+ vnf-async:
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync
+ vfc:
+ rest:
+ endpoint: http://so-vfc-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter
+ workflow:
+ message:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ nssmf:
+ endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088
+ oof:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1
+ timeout: PT5M
+ callback:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1
+ bpmn:
+ process:
+ historyTimeToLive: '30'
+ callbackRetryAttempts: '5'
+ catalog:
+ db:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082/ecomp/mso/catalog
+ spring:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
+ db:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ default:
+ adapter:
+ namespace: http://org.onap.mso
+ healthcheck:
+ log:
+ debug: 'false'
+ infra:
+ endpoint:
+ url: http://so.{{ include "common.namespace" . }}:8080/onap/so/infra
+ customer:
+ id: testCustIdInfra
+ po:
+ timeout: PT60M
+ request:
+ db:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
+ rollback: 'true'
+ sdnc:
+ password: {{ .Values.mso.sdnc.password }}
+ service:
+ agnostic:
+ sniro:
+ endpoint: /sniro/api/v2/placement
+ host: http://sniro-emulator:80
+ site-name: CamundaEngine
+ sniro:
+ auth: {{ .Values.mso.sniro.auth }}
+ callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
+ endpoint: {{ .Values.mso.sniro.endpoint }}
+ timeout: PT30M
+ oof:
+ auth: {{ .Values.mso.oof.auth }}
+ callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+ timeout: PT30M
+ workflow:
+ CreateGenericVNFV1:
+ aai:
+ volume-group:
+ uri: /aai/v6/cloud-infrastructure/volume-groups/volume-group
+ default:
+ aai:
+ version: '14'
+ cloud-region:
+ version: '14'
+ generic-vnf:
+ version: '14'
+ v14:
+ customer:
+ uri: /aai/v14/business/customers/customer
+ generic-query:
+ uri: /aai/v14/search/generic-query
+ generic-vnf:
+ uri: /aai/v14/network/generic-vnfs/generic-vnf
+ l3-network:
+ uri: /aai/v14/network/l3-networks/l3-network
+ network-policy:
+ uri: /aai/v14/network/network-policies/network-policy
+ nodes-query:
+ uri: /aai/v14/search/nodes-query
+ route-table-reference:
+ uri: /aai/v14/network/route-table-references/route-table-reference
+ tenant:
+ uri: /aai/v14/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant
+ vce:
+ uri: /aai/v14/network/vces/vce
+ vpn-binding:
+ uri: /aai/v14/network/vpn-bindings/vpn-binding
+ sp-partner:
+ uri: /aai/v14/business/sp-partners/sp-partner
+ device:
+ uri: /aai/v14/network/devices/device
+ v11:
+ customer:
+ uri: /aai/v11/business/customers/customer
+ generic-query:
+ uri: /aai/v11/search/generic-query
+ generic-vnf:
+ uri: /aai/v11/network/generic-vnfs/generic-vnf
+ l3-network:
+ uri: /aai/v11/network/l3-networks/l3-network
+ network-policy:
+ uri: /aai/v11/network/network-policies/network-policy
+ nodes-query:
+ uri: /aai/v11/search/nodes-query
+ route-table-reference:
+ uri: /aai/v11/network/route-table-references/route-table-reference
+ tenant:
+ uri: /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant
+ vce:
+ uri: /aai/v11/network/vces/vce
+ vpn-binding:
+ uri: /aai/v11/network/vpn-bindings/vpn-binding
+ v8:
+ configuration:
+ uri: /aai/v11/network/configurations/configuration
+ customer:
+ uri: /aai/v8/business/customers/customer
+ generic-query:
+ uri: /aai/v8/search/generic-query
+ l3-network:
+ uri: /aai/v8/network/l3-networks/l3-network
+ network-policy:
+ uri: /aai/v8/network/network-policies/network-policy
+ nodes-query:
+ uri: /aai/v8/search/nodes-query
+ route-table-reference:
+ uri: /aai/v8/network/route-table-references/route-table-reference
+ tenant:
+ uri: /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant
+ vce:
+ uri: /aai/v8/network/vces/vce
+ vpn-binding:
+ uri: /aai/v8/network/vpn-bindings/vpn-binding
+ v9:
+ cloud-region:
+ uri: /aai/v9/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner
+ generic-vnf:
+ uri: /aai/v9/network/generic-vnfs/generic-vnf
+ retry:
+ attempts: '1'
+ deleteCinderVolumeV1:
+ aai:
+ volume-group:
+ uri: /aai/v6/cloud-infrastructure/volume-groups/volume-group
+ global:
+ default:
+ aai:
+ namespace: http://org.onap.aai.inventory/
+ version: 14
+ message:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ notification:
+ name: GenericNotificationServiceATT
+ sdnc:
+ replication:
+ delay: PT60S
+ sdncadapter:
+ callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
+ vnfadapter:
+ create:
+ callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
+ delete:
+ callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
+ query:
+ callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
+ rollback:
+ callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify
+ use:
+ qualified:
+ host: false
+ global:
+ dmaap:
+ username: testuser
+ password: alRyMzJ3NUNeakxl
+ host: http://10.42.111.36:904
+ publisher:
+ topic: replaceme
+ naming:
+ endpoint: http://naming.demo.onap.com:8081/web/service/v1/genNetworkElementName
+ auth: Basic bTA0NzY4QG5vbi1wcm9kLm1zby5lY29tcC5hdHQuY29tOkF0dG0wNDc2OExpZmUhQA==
+policy:
+ auth: Basic dGVzdHBkcDphbHBoYTEyMw==
+ default:
+ disposition: Skip
+ client:
+ auth: Basic bTAzNzQzOnBvbGljeVIwY2sk
+ endpoint: http://pdp.{{ include "common.namespace" . }}:8081/pdp/api/
+ environment: TEST
+sdnc:
+ auth: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
+ host: http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}
+ path: /restconf/operations/GENERIC-RESOURCE-API
+ si:
+ svc:
+ types: PORT-MIRROR,PPROBE
+ dmaap:
+ host: http://message-router.{{ include "common.namespace" . }}:3904
+ timeout: 30000
+ lcm:
+ path: '/restconf/operations/LCM:'
+ actionTimeout: 300000
+ dmapp:
+ readTopic: SDNC-LCM-WRITE
+ writeTopic: SDNC-LCM-READ
+appc:
+ client:
+ topic:
+ read:
+ name: APPC-LCM-WRITE
+ timeout: 360000
+ write: APPC-LCM-READ
+ sdnc:
+ read: SDNC-LCM-WRITE
+ write: SDNC-LCM-READ
+ response:
+ timeout: 360000
+ key: VIlbtVl6YLhNUrtU
+ secret: 64AG2hF4pYeG2pq7CT6XwUOT
+ service: ueb
+ poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
+sniro:
+ conductor:
+ enabled: true
+ host: http://sniro-emulator:80
+ uri: /v1/release-orders
+ headers.auth: Basic dGVzdDp0ZXN0cHdk
+ manager:
+ timeout: PT30M
+ host: http://sniro-emulator:80
+ uri.v1: /sniro/api/v2/placement
+ uri.v2: /sniro/api/placement/v2
+ headers.auth: Basic dGVzdDp0ZXN0cHdk
+ headers.patchVersion: 1
+ headers.minorVersion: 1
+ headers.latestVersion: 2
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+spring:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ -
+ username: apihBpmn
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPMN-Client
+ -
+ username: sdncaBpmn
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPMN-Client
+ -
+ username: poBpmn
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPMN-Client
+ -
+ username: wmaBpmn
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPMN-Client
+ -
+ username: sniro
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SNIRO-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+so:
+ vnfm:
+ adapter:
+ url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
+ auth: {{ .Values.so.vnfm.adapter.auth }}
+org:
+ onap:
+ so:
+ cloud-owner: CloudOwner
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/bpmn-infra:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+aai:
+ auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+
+cds:
+ auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ db:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ password: wLg4sjrAFUS8rfVfdvTXeQ==
+ po:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ sdnc:
+ password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ sniro:
+ auth: test:testpwd
+ oof:
+ auth: test:testpwd
+so:
+ vnfm:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+sniro:
+ endpoint: http://replaceme:28090/optimizationInstance/V1/create
+
+vnf:
+ api:
+ version: v2
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8081
+logPath: ./logs/bpmn/
+app: so-bpmn-infra
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: 8081
+ portName: so-bpmn-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-bpmn-cert-init
+ certInitializer:
+ nameOverride: so-bpmn-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.bpmnPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ssl-enable: false
+mso:
+ logPath: logs
+ site-name: onapheat
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ catalog:
+ db:
+ spring:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
+ db:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
+spring:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: catdb-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ -
+ username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+#Actuator
+management:
+ context-path: /manage
+cloud_config:
+ identity_services:
+ RAX_KEYSTONE:
+ identity_url: "https://identity.api.rackspacecloud.com/v2.0"
+ mso_id: "RACKSPACE_ACCOUNT_ID"
+ mso_pass: "RACKSPACE_ACCOUNT_APIKEY"
+ admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
+ member_role: "admin"
+ tenant_metadata: true
+ identity_server_type: "KEYSTONE"
+ identity_authentication_type: "RACKSPACE_APIKEY"
+ project_domain_name: "PROJECT_DOMAIN_NAME"
+ user_domain_name: "USER_DOMAIN_NAME"
+ DEFAULT_KEYSTONE:
+ identity_url: "{{ .Values.config.openStackKeyStoneUrl }}"
+ mso_id: "{{ .Values.config.openStackUserName }}"
+ mso_pass: "{{ .Values.config.openStackEncryptedPasswordHere }}"
+ admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
+ member_role: "admin"
+ tenant_metadata: true
+ identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}"
+ identity_authentication_type: "USERNAME_PASSWORD"
+ project_domain_name: "{{ .Values.config.openStackProjectDomainName }}"
+ user_domain_name: "{{ .Values.config.openStackUserDomainName }}"
+ cloud_sites:
+ Dallas:
+ region_id: "DFW"
+ clli: "DFW"
+ aic_version: "2.5"
+ identity_service_id: "RAX_KEYSTONE"
+ Northern Virginia:
+ region_id: "IAD"
+ clli: "IAD"
+ aic_version: "2.5"
+ identity_service_id: "RAX_KEYSTONE"
+ Chicago:
+ region_id: "ORD"
+ clli: "ORD"
+ aic_version: "2.5"
+ identity_service_id: "RAX_KEYSTONE"
+ RegionOne:
+ region_id: "RegionOne"
+ clli: "RegionOne"
+ aic_version: "2.5"
+ identity_service_id: "DEFAULT_KEYSTONE"
+ DEFAULT:
+ region_id: "{{ .Values.config.openStackRegion }}"
+ clli: "{{ .Values.config.openStackRegion }}"
+ aic_version: "2.5"
+ identity_service_id: "DEFAULT_KEYSTONE"
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/catalog-db-adapter:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+mso:
+ adapters:
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8082
+logPath: ./logs/catdb/
+app: catalog-db-adapter
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-catdb-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-catalogdb-cert-init
+ certInitializer:
+ nameOverride: so-catalogdb-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.catalogDbAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+config:
+ openStackUserName: "vnf_user"
+ openStackRegion: "RegionOne"
+ openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
+ openStackServiceTenantName: "service"
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
+ openStackProjectDomainName: "openStackProjectDomainName"
+ openStackUserDomainName: "openStackUserDomainName"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.7.1"
+description: A Helm chart for Kubernetes
+name: so-cnf-adapter
+version: 6.0.0
+
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
+
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ site-name: localSite
+ logPath: ./logs/cnf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
+
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-encrypter
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds
+ env:
+ - name: AAI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }}
+ - name: AAI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.soCryptoImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: encoder
+ mountPath: /output
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
+ export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
+ export AAI_AUTH=$(cat /input/.aai_creds)
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: AAF_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ readOnly: true
+ - name: encoder
+ mountPath: /input
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: encoder
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
+
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ soCryptoImage: sdesbure/so_crypto:latest
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: ${AAF_AUTH}
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-cnf-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+ - uid: so-aaf-creds
+ name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aaf.username }}'
+ password: '{{ .Values.server.aaf.password }}'
+ passwordPolicy: required
+ - uid: so-aai-creds
+ name: '{{ include "common.release" . }}-so-cnf-aai-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aai.username }}'
+ password: '{{ .Values.server.aai.password }}'
+ passwordPolicy: required
+ - uid: cnf-adapter-mso-key
+ name: '{{ include "common.release" . }}-so-cnf-mso-key'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/mso-cnf-adapter:1.7.1
+pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ aaf:
+ username: so@so.onap.org
+ password: demo123456
+ # aafCredsExternalSecret: some secret
+ aai:
+ username: aai@aai.onap.org
+ password: demo123456!
+ auth: ${AAI_AUTH}
+ # aaiCredsExternalSecret: some secret
+ actuator:
+ username: mso_admin
+ password: password1$
+ # actuatorCredsExternalSecret: some secret
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ # msoKeySecret: some secret
+ adapters:
+ requestDb:
+ auth: ${REQUEST_AUTH}
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8090
+logPath: ./logs/cnf/
+app: cnf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+soHelpers:
+ nameOverride: so-cnf-cert-init
+ certInitializer:
+ nameOverride: so-cnf-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8090
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP SO ETSI NFVO NS LCM
+name: so-etsi-nfvo-ns-lcm
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ version: v19
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ nfvo:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: nfvo-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ - username: ${ETSI_NFVO_USERNAME}
+ password: ${ETSI_NFVO_PASSWORD}
+ role: ETSI-NFVO-Client
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+so:
+ adapters:
+ sol003-adapter:
+ url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ auth: {{ .Values.so.sol003.adapter.auth }}
+etsi-catalog-manager:
+ base:
+ {{- if .Values.global.msbEnabled }}
+ endpoint: https://msb-iag:443/api
+ http:
+ client:
+ ssl:
+ trust-store: file:${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
+ {{- end }}
+camunda:
+ bpm:
+ history-level: full
+ job-execution:
+ max-pool-size: 30
+ core-pool-size: 3
+ deployment-aware: true
--- /dev/null
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ETSI_NFVO_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
+ - name: ETSI_NFVO_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: etsi-nfvo-nslcm-creds
+ name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
+ login: '{{ .Values.etsi.nfvo.nslcm.username }}'
+ password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.7
+pullPolicy: Always
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+etsi:
+ nfvo:
+ nslcm:
+ username: so-etsi-nfvo-ns-lcm
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+so:
+ sol003:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9095
+logPath: ./logs/so-etsi-nfvo-ns-lcm/
+app: so-etsi-nfvo-ns-lcm
+service:
+ type: ClusterIP
+ name: so-etsi-nfvo-ns-lcm
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/so-etsi-nfvo-ns-lcm/v1",
+ "protocol": "REST",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http-api") }}",
+ "visualRange":"1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-nfvo-cert-init
+ certInitializer:
+ nameOverride: so-nfvo-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.nfvoAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ port: 9095
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'soetsinfvonslcm'
+ name: 'so-etsi-nfvo-ns-lcm'
+ port: 9095
+ config:
+ ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+#!/bin/sh
+{{/*
+#
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+# ECOMP and OpenECOMP are trademarks
+# and service marks of AT&T Intellectual Property.
+#
+*/}}
+
+echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS camundabpmn;
+CREATE DATABASE camundabpmn;
+DROP USER IF EXISTS '${CAMUNDA_DB_USER}';
+CREATE USER '${CAMUNDA_DB_USER}';
+GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+cd /docker-entrypoint-initdb.d/db-sql-scripts
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1
+
+echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1
--- /dev/null
+#!/bin/sh
+{{/*
+#
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+# ECOMP and OpenECOMP are trademarks
+# and service marks of AT&T Intellectual Property.
+#
+*/}}
+
+echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS requestdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${REQUEST_DB_USER}';
+CREATE USER '${REQUEST_DB_USER}';
+GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created requestdb database . . ." 1>>/tmp/mariadb-requestdb.log 2>&1
--- /dev/null
+#!/bin/sh
+{{/*
+#
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+# ECOMP and OpenECOMP are trademarks
+# and service marks of AT&T Intellectual Property.
+#
+*/}}
+
+echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS catalogdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CATALOG_DB_USER}';
+CREATE USER '${CATALOG_DB_USER}';
+GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created catalogdb database . . ." 1>>/tmp/mariadb-catalogdb.log 2>&1
--- /dev/null
+#!/bin/sh
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${NFVO_DB_USER}';
+CREATE USER '${NFVO_DB_USER}';
+GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1
--- /dev/null
+#!/bin/sh
+{{/*
+#
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+# ECOMP and OpenECOMP are trademarks
+# and service marks of AT&T Intellectual Property.
+#
+*/}}
+
+echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_PASSWORD=`prepare_password $DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_USER}';
+CREATE USER '${DB_USER}';
+GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created so user . . ." 1>>/tmp/mariadb-so-user.log 2>&1
--- /dev/null
+#!/bin/sh
+{{/*
+#
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+# ECOMP and OpenECOMP are trademarks
+# and service marks of AT&T Intellectual Property.
+#
+*/}}
+
+echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_ADMIN}';
+CREATE USER '${DB_ADMIN}';
+GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
+GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created so admin user . . ." 1>>/tmp/mariadb-so-admin.log 2>&1
--- /dev/null
+{{/*
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-mariadb-sh
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-mariadb-sql
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/docker-entrypoint-initdb.d/db-sql-scripts/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.migration.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ containers:
+ - name: {{ include "common.fullname" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ .Values.global.migration.dbHost }}
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
+ - name: DB_PORT
+ value: "{{ .Values.global.migration.dbPort }}"
+ - name: DB_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
+ command:
+ - /bin/bash
+ - -c
+ - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: backup-storage
+ mountPath: /var/data/mariadb
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: backup-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Never
+---
+{{- end }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-upgrade,post-rollback,post-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}-config
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ - >
+ mysql() { /usr/bin/mysql -h ${DB_HOST} -P ${DB_PORT} "$@"; };
+ export -f mysql;
+ mysql --user=root --password=${MYSQL_ROOT_PASSWORD} requestdb -e exit > /dev/null 2>&1 {{ if not .Values.global.migration.enabled }} && echo "Database already initialized!!!" && exit 0 {{ end }};
+ for f in /docker-entrypoint-initdb.d/*; do case "$f" in *.sh) echo "$0: running $f"; . "$f" ;; *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; esac; echo; done;
+ {{- if .Values.global.migration.enabled }}
+ mysql -vv --user=root --password=${MYSQL_ROOT_PASSWORD} < `ls -tr /var/data/mariadb/* | tail -1`;
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: CAMUNDA_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }}
+ - name: CAMUNDA_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }}
+ - name: REQUEST_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }}
+ - name: REQUEST_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }}
+ - name: CATALOG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
+ - name: CATALOG_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
+ - name: NFVO_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
+ - name: NFVO_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: docker-entrypoint-initdb-d-sh
+ mountPath: "/docker-entrypoint-initdb.d"
+ - name: docker-entrypoint-initdb-d-sql
+ mountPath: "/docker-entrypoint-initdb.d/db-sql-scripts"
+ {{- if .Values.global.migration.enabled }}
+ - name: backup-storage
+ mountPath: /var/data/mariadb
+ {{- end }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: docker-entrypoint-initdb-d-sh
+ configMap:
+ name: {{ include "common.fullname" . }}-mariadb-sh
+ - name: docker-entrypoint-initdb-d-sql
+ configMap:
+ name: {{ include "common.fullname" . }}-mariadb-sql
+ {{- if .Values.global.migration.enabled }}
+ - name: backup-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ {{- end }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Default values for mariadb.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ ubuntuInitRepository: docker.io
+ mariadbGalera:
+ nameOverride: &mariadbName mariadb-galera
+ serviceName: mariadb-galera
+ servicePort: "3306"
+ migration:
+ enabled: false
+ dbHost: mariadb-galera
+ dbPort: 3306
+ dbUser: root
+ dbPassword: secretpassword
+
+readinessCheck:
+ wait_for:
+ - *mariadbName
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.db.rootPassword }}'
+ passwordPolicy: required
+ - uid: db-backup-creds
+ name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}'
+ login: '{{ .Values.db.backupUser }}'
+ password: '{{ .Values.db.backupPassword }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ - uid: camunda-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.camunda.userName }}'
+ password: '{{ .Values.db.camunda.password }}'
+ - uid: request-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.request.userName }}'
+ password: '{{ .Values.db.request.password }}'
+ - uid: catalog-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.catalog.userName }}'
+ password: '{{ .Values.db.catalog.password }}'
+ - uid: nfvo-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.nfvo.userName }}'
+ password: '{{ .Values.db.nfvo.password }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: mariadb:10.1.38
+pullPolicy: Always
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+
+# db config
+db:
+ rootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
+ backupPassword: secretpassword
+ backupUser: root
+ # backupCredsExternalSecret: some secret
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+ camunda:
+ userName: camundauser
+ password: camunda123
+ # dbCredsExternalSecret: some secret
+ request:
+ userName: requestuser
+ password: request123
+ # dbCredsExternalSecret: some secret
+ catalog:
+ userName: cataloguser
+ password: catalog123
+ # dbCredsExternalSecret: some secret
+ nfvo:
+ userName: nfvouser
+ # dbCredsExternalSecret: some secret
+
+# application configuration
+config:
+ # gerrit branch where the latest heat code is checked in
+ gerritBranch: master
+ # gerrit project where the latest heat code is checked in
+ gerritProject: http://gerrit.onap.org/r/so/docker-config.git
+# default number of instances
+nodeSelector: {}
+affinity: {}
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor
+flavor: small
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
+
+persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+
+ mountPath: /dockerdata-nfs
+ mountSubPath: so/migration
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+server:
+ port: {{ index .Values.containerPort }}
+ {{- if .Values.global.aafEnabled }}
+ ssl:
+ keyStore: ${KEYSTORE}
+ keyStorePassword: ${KEYSTORE_PASSWORD}
+ trustStore: ${TRUSTSTORE}
+ trustStorePassword: ${TRUSTSTORE_PASSWORD}
+ {{- end }}
+ tomcat:
+ max-threads: 50
+ {{- if not .Values.global.aafEnabled }}
+ssl-enable: false
+ {{- end }}
+camunda:
+ rest:
+ api:
+ url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/
+ engine: default
+ auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA==
+mso:
+ database:
+ rest:
+ api:
+ url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+spring:
+ main:
+ allow-bean-definition-overriding: true
+ security:
+ usercredentials:
+ -
+ username: ${SO_MONITORING_USERNAME}
+ password: ${SO_MONITORING_PASSWORD}
+ role: GUI-Client
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+# @author: gareth.roper@ericsson.com
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+# @author: gareth.roper@ericsson.com
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: so-chown
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ volumeMounts:
+ - name: logs
+ mountPath: /app/logs
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /app/logs"]
+ restartPolicy: Always
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE=file://$cadi_keystore
+ export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
+ export TRUSTSTORE=file://$cadi_truststore
+ export TRUSTSTORE_PASSWORD=$cadi_truststore_password
+ {{- end }}
+ /app/start-app.sh
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: SO_MONITORING_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
+ - name: SO_MON_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
+
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ readinessProbe:
+ tcpSocket:
+ port: {{ index .Values.readinessProbe.port }}
+ initialDelaySeconds: {{ index .Values.readinessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.readinessProbe.periodSeconds}}
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications © 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+# @author: gareth.roper@ericsson.com
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ {{if .Values.global.aafEnabled -}}
+ type: {{ .Values.service.type }}
+ {{- else -}}
+ type: ClusterIP
+ {{- end }}
+ ports:
+ {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+
+
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Copyright (C) 2020 Huawei
+# Modifications Copyright © 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+# @author: gareth.roper@ericsson.com
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ aafEnabled: true
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: true
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.monitoring.username }}'
+ password: '{{ .Values.server.monitoring.password }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-monitoring:1.7.7
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9091
+logPath: app/logs/
+app: so-monitoring
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-monitoring-cert-init
+ certInitializer:
+ nameOverride: so-monitoring-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.monitoringPerm
+ containerPort: *containerPort
+
+server:
+ monitoring:
+ username: demo
+ # password: demo123456!
+ # soMonitoringCredsExternalSecret: some secret
+
+service:
+#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
+ type: NodePort
+ nodePort: 24
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-monitor-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+#Segregation for different environment (Small or large)
+resources:
+ small:
+ requests:
+ memory: 1Gi
+ cpu: 10m
+ limits:
+ memory: 4Gi
+ cpu: 1
+ large:
+ requests:
+ memory: 2Gi
+ cpu: 20m
+ limits:
+ memory: 8Gi
+ cpu: 2
+readinessProbe:
+ port: 9091
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 10
+livenessProbe:
+ port: 9091
+ initialDelaySeconds: 40
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "somonitoring"
+ name: "so-monitoring"
+ port: 9091
+ config:
+ ssl: "none"
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ datasource:
+ jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ jpa:
+ show-sql: false
+ hibernate:
+ dialect: org.hibernate.dialect.MySQL5Dialect
+ ddl-auto: validate
+ naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+ enable-lazy-load-no-trans: true
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/nssmf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ adapters:
+ requestDb:
+ endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ - name: BPEL_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
+ - name: BPEL_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | nindent 12 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: server-bpel-creds
+ name: '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/nssmf-adapter:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+ bpel:
+ username: bpel
+ password: password1$
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8088
+logPath: ./logs/nssmf/
+app: nssmf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+soHelpers:
+ nameOverride: so-nssmf-cert-init
+ certInitializer:
+ nameOverride: so-nssmf-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.nssmfAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-oof-adapter
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/oof
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ msoKey: ${MSO_KEY}
+ camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+ camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+ workflow:
+ message:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ oof:
+ auth: ${OOF_LOGIN}:${OOF_PASSWORD}
+ endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }}
+ - name: OOF_LOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
+ - name: OOF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+# Secrets metaconfig
+#################################################################
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: oof-adapter-mso-key
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: oof-auth
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}'
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-oof-adapter:1.7.4
+pullPolicy: Always
+
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ oof:
+ login: test
+ password: testpwd
+
+replicaCount: 1
+containerPort: &containerPort 8090
+minReadySeconds: 10
+containerPort: *containerPort
+logPath: ./logs/oof/
+app: so-oof-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+
+soHelpers:
+ nameOverride: so-oof-adapter-cert-init
+ certInitializer:
+ nameOverride: so-oof-adapter-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.oofadapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: *containerPort
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+server:
+ port: {{ index .Values.containerPort }}
+spring:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: catdb-pool
+ registerMbeans: false
+ security:
+ usercredentials:
+ -
+ username: sdnc
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SDNC-Client
+ -
+ username: sitecontrol
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SiteControl-Client
+ -
+ username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ -
+ username: sniro
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SNIRO-Client
+ -
+ username: apih
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: MSO-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+org:
+ onap:
+ so:
+ adapters:
+ default_keystone_url_version: /v2.0
+ default_keystone_reg_ex: "/[vV][0-9]"
+ vnf:
+ bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ checkRequiredParameters: true
+ addGetFilesOnVolumeReq: false
+ sockettimeout: 30
+ connecttimeout: 30
+ retrycount: 5
+ retryinterval: -15
+ retrylist: 408,429,500,502,503,504,900
+ valet_enabled: false
+ fail_requests_on_valet_failure: false
+ network:
+ bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ sockettimeout: 5
+ connecttimeout: 5
+ retrycount: 5
+ retryinterval: -15
+ retrylist: 408,429,500,502,503,504,900
+ encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ tenant:
+ default_keystone_url_version: /v2.0
+ default_keystone_reg_ex: "/[vV][0-9]"
+ default_tenant_description: Tenant
+ default_region_type: single
+ default_user_role: admin
+ default_success_status_string: Success
+ default_no_regions_status_string: no regions
+ default_quota_value: 10
+ set_default_quota: false
+ecomp:
+ mso:
+ adapters:
+ po:
+ retryCodes: 504
+ retryDelay: 5
+ retryCount: 3
+ pollTimeout: 7500
+ pollInterval: 15
+mso:
+ adapters:
+ requestDb:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
+ logPath: ./logs/openstack
+ msb-ip: msb-iag
+ msb-port: 443
+ msb-scheme: https
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
+ msoKey: {{ .Values.mso.msoKey }}
+ config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
+ catalog:
+ db:
+ spring:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
+ db:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+ site-name: localDevEnv
+ async:
+ core-pool-size: 50
+ max-pool-size: 50
+ queue-capacity: 500
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/openstack-adapter:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+aaf:
+ auth:
+ encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
+org:
+ onap:
+ so:
+ adapters:
+ bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ basicUser: poBpmn
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8087
+logPath: ./logs/openstack/
+app: openstack-adapter
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-optack-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-openstack-cert-init
+ certInitializer:
+ nameOverride: so-openstack-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8087
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+config:
+ openStackUserName: "vnf_user"
+ openStackRegion: "RegionOne"
+ openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0"
+ openStackServiceTenantName: "service"
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# will be used as entry in DB to say SITE OFF/ON for healthcheck
+*/}}
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ssl-enable: false
+mso:
+ logPath: logs
+ site-name: localSite
+ config:
+ cadi: {{- include "so.cadi.keys" . | nindent 8}}
+ adapters:
+ requestDb:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+spring:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: reqdb-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ -
+ username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+#Actuator
+management:
+ context-path: /manage
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/request-db-adapter:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8083
+logPath: ./logs/reqdb/
+app: request-db-adapter
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-reqdb-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-requestdb-cert-init
+ certInitializer:
+ nameOverride: so-requestdb-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.requestDbAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+aai:
+ auth: {{.Values.aai.auth}}
+server:
+ port: {{ index .Values.containerPort }}
+spring:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: catdb-pool
+ registerMbeans: false
+ security:
+ usercredentials:
+ -
+ username: asdc
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: Asdc-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+request:
+ datasource:
+ hikari:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: reqdb-pool
+ registerMbeans: false
+mso:
+ msoKey: {{ index .Values.mso.msoKey }}
+ logPath: ./logs/sdc
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ catalog:
+ db:
+ spring:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
+ db:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ site-name: onapheat
+ camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
+ adapters:
+ requestDb:
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ aai:
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ asdc-connections:
+ asdc-controller1:
+ user: mso
+ consumerGroup: SO-OpenSource-Env11
+ consumerId: SO-COpenSource-Env11
+ environmentName: AUTO
+ asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
+ password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
+ pollingInterval: 60
+ pollingTimeout: 60
+ relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
+ useHttpsWithDmaap: false
+ activateServerTLSAuth: false
+ keyStorePassword:
+ keyStorePath:
+ watchDogTimeout: 300
+ isFitlerInEmptyResources: true
+ messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }}
+ asdc:
+ config:
+ activity:
+ endpoint: http://sdc-wfd-be:8080
+ key: {{ .Values.mso.asdc.config.key }}
+ components:
+ count: 3,
+ componentNames: SO,AAI,SDNC
+ scheduling:
+ enabled: false
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/sdc-controller:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ asdc:
+ config:
+ key: 566B754875657232314F5548556D3665
+ asdc-connections:
+ asdc-controller1:
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8085
+logPath: ./logs/sdc/
+app: sdc-controller
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-sdc-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-sdc-cert-init
+ certInitializer:
+ nameOverride: so-sdc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.sdcControllerPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8085
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+server:
+ port: {{ index .Values.containerPort }}
+mso:
+ async:
+ core-pool-size: 50
+ max-pool-size: 50
+ queue-capacity: 500
+ logPath: ./logs/sdnc
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 14}}
+ catalog:
+ db:
+ spring:
+ endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
+ db:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ site-name: onapheat
+org:
+ onap:
+ so:
+ adapters:
+ sdnc:
+ '.':
+ put: PUT|60000|sdncurl5|
+ query: GET|60000|sdncurl2|
+ restdelete: DELETE|60000|sdncurl5|
+ '':
+ brg-topology-operation:
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ contrail-route-topology-operation:
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ network-topology-operation:
+ activate: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ assign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ changeassign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ reserve: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ port-mirror-topology-operation:
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ disable: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ enable: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ security-zone-topology-operation:
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ service-homing-operation:
+ homing: POST|60000|sdncurl3|sdnc-homing-header|com:att:sdnctl:aicHoming
+ service-topology-operation:
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ rollback: POST|270000|sdncur10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ svc-topology-operation:
+ activate: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi
+ assign: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi
+ delete: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi
+ vnf-topology-aic-operation:
+ activate: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic
+ assign: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic
+ tunnelxconn-topology-operation:
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ vnf-topology-operation:
+ activate: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ assign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ changeassign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
+ bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
+ bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
+ opticalservice:
+ optical-service-create:
+ create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
+ optical-service-delete:
+ delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
+ generic-resource:
+ network-topology-operation:
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ vf-module-topology-operation:
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ changedelete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ vnf-topology-operation:
+ create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ changedelete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
+ infra:
+ '':
+ query: GET|60000|sdncurl5|
+ mobility:
+ '':
+ query: GET|60000|sdncurl5|
+ myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
+ rest:
+ bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
+ sdncconnecttime: 5000
+ sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
+ sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
+ sdncurl12: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/'
+ sdncurl13: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/opticalservice:'
+ sdncurl5: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/config'
+ sdncurl6: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNF-API:'
+ sdncurl7: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/L3UCPE-API:'
+ sdncurl8: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NBNC-API:'
+ sdncurl9: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NORTHBOUND-API:service-topology-operation'
+ sdncurl20: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/LCM:'
+ service:
+ infra:
+ service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
+ service-topology-infra-assign-operation: POST|120000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
+ service-topology-infra-delete-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
+ service-topology-infra-release-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
+ vfmodule:
+ '':
+ query: GET|60000|sdncurl12|
+ lcm:
+ download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ network:
+ encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
+spring:
+ security:
+ usercredentials:
+ -
+ username: sdnc
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SDNC-Client
+ -
+ username: sitecontrol
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SiteControl-Client
+ -
+ username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ -
+ username: sniro
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: SNIRO-Client
+ -
+ username: apih
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: MSO-Client
+ -
+ username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports:
+ - containerPort: {{ index .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/sdnc-adapter:1.7.10
+pullPolicy: Always
+
+org:
+ onap:
+ so:
+ adapters:
+ sdnc:
+ bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ network:
+ encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8086
+logPath: ./logs/sdnc/
+app: sdnc-adapter
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-sdnc-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-sdnc-cert-init
+ certInitializer:
+ nameOverride: so-sdnc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.sdncAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8086
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+server:
+ port: {{ include "common.getPort" (dict "global" . "name" "http") }}
+
+vevnfmadapter:
+ endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
+
+aai:
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+
+dmaap:
+ endpoint: http://message-router.{{ include "common.namespace" . }}:3904
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+ APP: {{ include "common.name" . }}
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+
+readinessCheck:
+ wait_for:
+ - aai
+ - message-router
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/ve-vnfm-adapter:1.6.4
+pullPolicy: Always
+replicaCount: 1
+service:
+ name: ve-vnfm-adapter
+ type: ClusterIP
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if not .Values.global.msbDisabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/",
+ "protocol": "REST",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
+ "visualRange": "1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http
+ port: 9098
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-vevnfm-cert-init
+ certInitializer:
+ nameOverride: so-vevnfm-cert-init
+ credsPath: /opt/app/osaaf/local
+
+flavor: small
+resources:
+ small:
+ limits:
+ memory: 512Mi
+ cpu: 500m
+ requests:
+ memory: 256Mi
+ cpu: 250m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ port: 9098
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+logging:
+ path: logs
+spring:
+ datasource:
+ hikari:
+ driver-class-name: org.mariadb.jdbc.Driver
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ pool-name: reqdb-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ - username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ - username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ site-name: localSite
+ logPath: ./logs/vfc
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ msb-ip: msb-iag
+ msb-port: 80
+ adapters:
+ requestDb:
+ endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+#Actuator
+management:
+ security:
+ enabled: false
+ basic:
+ enabled: false
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ httpGet:
+ path: {{- .Values.livenessProbe.path|indent 2}}
+ port: {{ .Values.containerPort }}
+ scheme: {{- .Values.livenessProbe.scheme| indent 2}}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
+ ports:
+ - containerPort: {{ .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/vfc-adapter:1.7.10
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8084
+logPath: ./logs/vfc/
+app: vfc-adapter
+service:
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-vfc-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-vfc-cert-init
+ certInitializer:
+ nameOverride: so-vfc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.vfcAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8084
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2019 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ version: v15
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+spring:
+ security:
+ usercredentials:
+ - username: vnfm
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ - username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ ssl:
+ enabled: false
+mso:
+ key: {{ .Values.mso.key }}
+ site-name: localSite
+ logPath: ./logs/vnfm-adapter
+ config:
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
+ msb-ip: msb-iag
+ msb-port: 80
+sdc:
+ username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+ password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ key: {{ .Values.sdc.key }}
+ endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
+vnfmadapter:
+ endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
+etsi-catalog-manager:
+ vnfpkgm:
+ {{- if .Values.global.msbEnabled }}
+ endpoint: https://msb-iag:443/api/vnfpkgm/v1
+ http:
+ client:
+ ssl:
+ trust-store: file:${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
+ {{- end }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2019 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
+ /app/start-app.sh
+ {{- end }}
+ env:
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
+ ports:
+ - containerPort: {{ .Values.containerPort }}
+ name: {{ .Values.service.portName }}
+ protocol: TCP
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2019 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/vnfm-adapter/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2019 Nordix Foundation
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/vnfm-adapter:1.7.10
+pullPolicy: Always
+
+aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9092
+logPath: ./logs/vnfm-adapter/
+app: vnfm-adapter
+service:
+ type: NodePort
+ internalPort: *containerPort
+ externalPort: *containerPort
+ nodePort: "06"
+ portName: so-vnfm-port
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-vnfm-cert-init
+ certInitializer:
+ nameOverride: so-vnfm-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.vnfmAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ port: 9092
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sovnfmadapter"
+ name: "so-vnfm-adapter"
+ port: 9092
+ config:
+ ssl: "redirect"
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+description: A Helm chart for SO helpers
+name: soHelpers
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{- define "so.cadi.keys" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+cadiLoglevel: {{ $initRoot.cadi.logLevel }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
+cadiLatitude: {{ $initRoot.cadi.latitude }}
+cadiLongitude: {{ $initRoot.cadi.longitude }}
+aafEnv: {{ $initRoot.cadi.aafEnv }}
+aafApiVersion: {{ $initRoot.cadi.aafApiVersion }}
+aafRootNs: {{ $initRoot.cadi.aafRootNs }}
+aafId: {{ $initRoot.cadi.aafId }}
+aafPassword: {{ $initRoot.cadi.aafPassword }}
+aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }}
+aafUrl: {{ $initRoot.cadi.aafUrl }}
+apiEnforcement: {{ $initRoot.cadi.apiEnforcement }}
+{{- if ($initRoot.cadi.noAuthn) }}
+noAuthn: {{ $initRoot.cadi.noAuthn }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- define "so.certificate.container_importer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.initContainer" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-cert-importer
+ image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ keytool -import -trustcacerts -alias msb_root -file \
+ /certificates/msb-ca.crt -keystore \
+ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -storepass $cadi_truststore_password -noprompt
+ keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+ -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+ -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -deststorepass $cadi_truststore_password -noprompt
+ volumeMounts:
+ {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
+ - name: {{ include "common.name" $dot }}-msb-certificate
+ mountPath: /certificates
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumes" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-certificate
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumeMount" $subchartDot }}
+{{- end -}}
+
+{{- define "so.certificates.env" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: TRUSTSTORE
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+{{- if $dot.Values.global.security.aaf.enabled }}
+- name: KEYSTORE
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+{{- end }}
+{{- end }}
+{{- end -}}
--- /dev/null
+{{- define "so.helpers.livenessProbe" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+livenessProbe:
+ httpGet:
+ path: {{ $subchartDot.Values.livenessProbe.path }}
+ port: {{ $subchartDot.Values.containerPort }}
+ scheme: {{ $subchartDot.Values.livenessProbe.scheme }}
+ {{- if $subchartDot.Values.global.security.aaf.enabled }}
+ httpHeaders:
+ - name: Authorization
+ value: {{ $subchartDot.Values.global.aaf.auth.header }}
+ {{- end }}
+ initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }}
+{{- end -}}
--- /dev/null
+{{- define "so.helpers.profileProperty" -}}
+ {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }}
+{{- end -}}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ msbEnabled: true
+ security:
+ aaf:
+ enabled: false
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ client:
+ certs:
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
+ keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'so-onap-certs'
+ name: '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/msb-ca.crt
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ trustStoreAllPass: changeit
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks
+ keyFile: org.onap.so.keyfile
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+livenessProbe:
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+cadi:
+ logLevel: DEBUG
+ latitude: 38.4329
+ longitude: -90.43248
+ aafEnv: IST
+ aafApiVersion: 2.1
+ aafRootNs: org.onap.so
+ aafLocateUrl: https://aaf-locate.onap:8095
+ aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.apihPerm
+ noAuthn: /manage/health
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: readinessCheck
+ version: ~6.x-0
+ repository: '@local'
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://components/soHelpers'
+ - name: so-appc-orchestrator
+ version: ~6.x-0
+ repository: 'file://components/so-appc-orchestrator'
+ condition: so-appc-orchestrator.enabled
+ - name: so-bpmn-infra
+ version: ~6.x-0
+ repository: 'file://components/so-bpmn-infra'
+ - name: so-catalog-db-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-catalog-db-adapter'
+ condition: so-catalog-db-adapter.enabled
+ - name: so-cnf-adapter
+ version: ~6.x-0
+ repository: "file://components/so-cnf-adapter"
+ condition: so-cnf-adapter.enabled
+ - name: so-etsi-nfvo-ns-lcm
+ version: ~6.x-0
+ repository: 'file://components/so-etsi-nfvo-ns-lcm'
+ condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-mariadb
+ version: ~6.x-0
+ repository: 'file://components/so-mariadb'
+ - name: so-monitoring
+ version: ~6.x-0
+ repository: 'file://components/so-monitoring'
+ condition: so-monitoring.enabled
+ - name: so-nssmf-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-nssmf-adapter'
+ condition: so-nssmf-adapter.enabled
+ - name: so-oof-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-oof-adapter'
+ condition: so-oof-adapter.enabled
+ - name: so-openstack-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-openstack-adapter'
+ condition: so-openstack-adapter.enabled
+ - name: so-request-db-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-request-db-adapter'
+ - name: so-sdc-controller
+ version: ~6.x-0
+ repository: 'file://components/so-sdc-controller'
+ - name: so-sdnc-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-sdnc-adapter'
+ condition: so-sdnc-adapter.enabled
+ - name: so-ve-vnfm-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-ve-vnfm-adapter'
+ condition: so-ve-vnfm-adapter.enabled
+ - name: so-vfc-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-vfc-adapter'
+ condition: so-vfc-adapter.enabled
+ - name: so-vnfm-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-vnfm-adapter'
+ condition: so-vnfm-adapter.enabled
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
#!/bin/sh
+{{/*
# Copyright 2015 AT&T Intellectual Properties
##############################################################################
# Script to initialize the chef-repo branch and.chef
#
##############################################################################
+*/}}
# Copy the certificates
echo 'Copying the *.crt provided in /shared folder'
cp --verbose /shared/*.crt /usr/local/share/ca-certificates
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
ssl-enable: false
mso:
- msoKey: {{ .Values.global.app.msoKey }}
+ msoKey: {{ .Values.mso.msoKey }}
logPath: ./logs/apih
site-name: {{ index .Values.global.app.siteName }}
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
config:
path: /src/main/resources/
- cadi: {{ include "cadi.keys" . | nindent 10}}
+ cadi: {{ include "so.cadi.keys" . | nindent 10}}
infra:
default:
alacarte:
default:
testApi: GR_API
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
+ camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
activate:
instanceid: test
userid: cs0008
count: 3
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
username: testuser
password: VjR5NDcxSzA=
host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
health:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
endpoints:
- subsystem: apih
uri: http://so-bpmn-infra:8081
cloud-owner: CloudOwner
adapters:
network:
- encryptionKey: {{ .Values.global.app.msoKey }}
+ encryptionKey: {{ .Values.mso.msoKey }}
+++ /dev/null
-{{- define "cadi.keys" -}}
-cadiLoglevel: DEBUG
-cadiKeyFile: /org.onap.so.keyfile
-cadiTrustStore: /app/org.onap.so.trust.jks
-cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
-cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
-cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
-aafEnv: {{ .Values.global.app.cadi.aafEnv }}
-aafApiVersion: 2.0
-aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
-aafId: {{ .Values.mso.config.cadi.aafId }}
-aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
-aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
-aafUrl: {{ .Values.global.app.cadi.aafUrl }}
-apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
-{{- if (.Values.global.app.cadi.noAuthn) }}
-noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
-{{- end }}
-{{- end }}
+++ /dev/null
-{{- define "so.certificate.container_importer" -}}
-- name: {{ include "common.name" . }}-certs-importer
- image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - "/bin/sh"
- args:
- - "-c"
- - "update-ca-certificates --fresh && \
- cp -r {{ .Values.global.certificates.path }}/* /certificates"
- volumeMounts:
- - name: {{ include "common.name" . }}-certificates
- mountPath: /certificates
- - name: {{ include "common.name" . }}-onap-certificates
- mountPath: {{ .Values.global.certificates.share_path }}
-{{- end -}}
-
-{{- define "so.certificate.volume-mounts" -}}
-- name: {{ include "common.name" . }}-certificates
- mountPath: {{ .Values.global.certificates.path }}
-- name: {{ include "common.name" . }}-onap-certificates
- mountPath: {{ .Values.global.certificates.share_path }}
-{{- end -}}
-
-{{- define "so.certificate.volumes" -}}
-- name: {{ include "common.name" . }}-certificates
- emptyDir:
- medium: Memory
-- name: {{ include "common.name" . }}-onap-certificates
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
-{{- end -}}
+++ /dev/null
-{{- define "helpers.livenessProbe" -}}
-livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- {{- if eq .Values.global.security.aaf.enabled true }}
- httpHeaders:
- - name: Authorization
- value: {{ index .Values.global.aaf.auth.header }}
- {{- end }}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
-{{- end -}}
+++ /dev/null
-{{- define "helpers.profileProperty" -}}
- {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
-{{- end -}}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
metadata:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-so-mariadb-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-filebeat-conf
+{{/*
# Copyright © 2020 Samsung Electronics
# Modifications Copyright © 2020 Orange
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
metadata:
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- soBaseImage: onap/so/base-image:1.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
- servicePort: "3306"
+ servicePort: '3306'
+ service: mariadb-galera
+ internalPort: '3306'
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- cadi:
- cadiLoglevel: DEBUG
- cadiKeyFile: /app/client/org.onap.so.keyfile
- cadiTrustStore: /app/client/org.onap.so.trust.jks
- cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
- cadiLatitude: 38.4329
- cadiLongitude: -90.43248
- aafEnv: IST
- aafApiVersion: 2.1
- aafRootNs: org.onap.so
- aafLocateUrl: https://aaf-locate.onap:8095
- aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+
client:
certs:
truststore: /app/client/org.onap.so.trust.jks
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
+readinessCheck:
+ wait_for:
+ - so-mariadb-config
+
#################################################################
# Secrets metaconfig
#################################################################
passwordPolicy: required
annotations:
helm.sh/hook: pre-upgrade,pre-install
- helm.sh/hook-weight: "0"
+ helm.sh/hook-weight: '0'
helm.sh/hook-delete-policy: before-hook-creation
- uid: db-user-creds
name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: &so-certs '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths:
- - resources/config/certificates/onap-ca.crt
- resources/config/certificates/msb-ca.crt
+ - uid: 'mso-key'
+ name: &mso-key '{{ include "common.release" . }}-mso-key'
+ type: password
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: mso-oof-auth
+ name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+ type: basicAuth
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+ - uid: server-bpel-creds
+ name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: so-aaf-creds
+ name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aaf.username }}'
+ password: '{{ .Values.server.aaf.password }}'
+ passwordPolicy: required
+ - uid: so-aai-creds
+ name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aai.username }}'
+ password: '{{ .Values.server.aai.password }}'
+ passwordPolicy: required
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks
#################################################################
# Application configuration defaults.
userName: so_user
adminName: so_admin
-repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.4
+image: onap/so/api-handler-infra:1.7.10
+
+server:
+ aaf:
+ username: so@so.onap.org
+ password: demo123456
+ # aafCredsExternalSecret: some secret
+ aai:
+ username: aai@aai.onap.org
+ password: demo123456!
+ # aaiCredsExternalSecret: some secret
+ actuator:
+ username: mso_admin
+ password: password1$
+ # actuatorCredsExternalSecret: some secret
+ bpel:
+ username: bpel
+ password: password1$
+ # bpelCredsExternalSecret: some secret
+
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
-containerPort: 8080
+containerPort: &containerPort 8080
logPath: ./logs/apih/
app: api-handler-infra
service:
- type: NodePort
- nodePort: 77
- internalPort: 8080
- externalPort: 8080
- portName: so-apih-port
+ type: NodePort
+ nodePort: 77
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-apih-port
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-apih-cert-init
+ certInitializer:
+ nameOverride: so-apih-cert-init
+ credsPath: /opt/app/osaaf/local
+ certSecret: *so-certs
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
cpu: 1000m
memory: 2Gi
unlimited: {}
-livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
nodeSelector: {}
affinity: {}
ingress:
enabled: false
service:
- - baseaddr: "so.api"
- name: "so"
+ - baseaddr: 'so.api'
+ name: 'so'
port: 8080
config:
- ssl: "none"
+ ssl: 'none'
mso:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.apihPerm
- noAuthn: /manage/health
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
aai:
auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ oof:
+ login: test
+ password: testpwd
so:
operationalEnv:
dmaap:
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+so-appc-orchestrator:
+ enabled: false
+ server:
+ actuatorCredsExternalSecret: *actuator-secrets
+ db:
+ <<: *dbSecrets
+
so-bpmn-infra:
- certSecret: *so-certs
db:
<<: *dbSecrets
- cds:
- auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- aai:
- auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- db:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- password: wLg4sjrAFUS8rfVfdvTXeQ==
- po:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- config:
- cadi:
- aafId: so@so.onap.org
- aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.bpmnPerm
- noAuthn: /manage/health
- sdnc:
- password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
- sniro:
- auth: test:testpwd
- endpoint: http://replaceme:28090/optimizationInstance/V1/create
- oof:
- auth: test:testpwd
- so:
- vnfm:
- adapter:
- auth: Basic dm5mbTpwYXNzd29yZDEk
so-catalog-db-adapter:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
+
+so-cnf-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+ server:
+ aafCredsExternalSecret: *aaf-secrets
+ aaiCredsExternalSecret: *aai-secrets
+ actuatorCredsExternalSecret: *actuator-secrets
mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.catalogDbAdapterPerm
- noAuthn: /manage/health
- adapters:
- db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ msoKeySecret: *mso-key
+
+so-etsi-nfvo-ns-lcm:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
so-monitoring:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
-so-openstack-adapter:
- certSecret: *so-certs
+so-nssmf-adapter:
+ enabled: true
+ server:
+ actuatorCredsExternalSecret: *actuator-secrets
+ bpelCredsExternalSecret: *bpel-secrets
+ db:
+ <<: *dbSecrets
+
+so-oof-adapter:
+ enabled: true
db:
<<: *dbSecrets
- aaf:
- auth:
- encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- org:
- onap:
- so:
- adapters:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
- valet:
- basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- basicUser: poBpmn
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.openStackAdapterPerm
- noAuthn: /manage/health
- db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
+so-openstack-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
so-request-db-adapter:
- certSecret: *so-certs
db:
<<: *dbSecrets
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.requestDbAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
so-sdc-controller:
- certSecret: *so-certs
db:
<<: *dbSecrets
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.sdcControllerPerm
- noAuthn: /manage/health
- asdc:
- config:
- key: 566B754875657232314F5548556D3665
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- asdc-connections:
- asdc-controller1:
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
so-sdnc-adapter:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
- org:
- onap:
- so:
- adapters:
- sdnc:
- bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
- sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
- network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.sdncAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- rest:
- aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
so-ve-vnfm-adapter:
- certSecret: *so-certs
+ enabled: false
so-vfc-adapter:
- certSecret: *so-certs
- db:
- <<: *dbSecrets
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.vfcAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
-
-so-nssmf-adapter:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
- aaf:
- auth:
- username: so@so.onap.org
- password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.nssmfAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
so-vnfm-adapter:
- certSecret: *so-certs
- aaf:
- auth:
- username: so@so.onap.org
- password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- sdc:
- username: mso
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
- key: 566B754875657232314F5548556D3665
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.vnfmAdapterPerm
- noAuthn: /manage/health
+ enabled: true
-so-mariadb:
- db:
- rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
- rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
- backupCredsExternalSecret: *dbBackupCredsSecretName
- userCredsExternalSecret: *dbUserCredsSecretName
- adminCredsExternalSecret: *dbAdminCredsSecretName
-so-appc-orchestrator:
- certSecret: *so-certs
- db:
- <<: *dbSecrets
- mso:
- basicUser: poBpmn
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.openStackAdapterPerm
- noAuthn: /manage/health
- appc:
- client:
- topic:
- read:
- name: APPC-LCM-WRITE
- timeout: 360000
- write: APPC-LCM-READ
- sdnc:
- read: SDNC-LCM-WRITE
- write: SDNC-LCM-READ
- response:
- timeout: 3600000
- key: VIlbtVl6YLhNUrtU
- secret: 64AG2hF4pYeG2pq7CT6XwUOT
- service: ueb
- auth:
- rest:
- aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
- aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+{{/*
# Copyright © 2018 ZTE
# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
- readinessRepository: oomk8s
+
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:3.0.4
+image: onap/usecase-ui-server:3.0.6
pullPolicy: Always
# application configuration
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
repository: '@local'
\ No newline at end of file
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
- readinessRepository: oomk8s
+
subChartsOnly:
enabled: true
flavor: small
# application image
-repository: nexus3.onap.org:10001
-image: onap/usecase-ui:3.0.4
+image: onap/usecase-ui:3.0.6
pullPolicy: Always
# application configuration
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- driver:
- handlers: [gvnfmdriverlocal_handler, gvnfmdriver_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- gvnfmdriverlocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_gvnfmdriver.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- gvnfmdriver_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/gvnfmdriver/runtime_gvnfmdriver.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/gvnfmdriver/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "gvnfmdriver",
- "version": "v1",
- "url": "/api/gvnfmdriver/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.9
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-generic-vnfm-driver
- portName: vfc-generic-vnfm-driver
- externalPort: 8484
- internalPort: 8484
-# nodePort: 30484
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-###############################################################################
-# Copyright 2016, Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###############################################################################
-log4j.rootLogger=INFO,root
-log4j.appender.root.Append=true
-
-#Log Directory
-logDir=/var/log/onap
-componentName=vfc
-subComponentName=huaweivnfmdriver
-log4j.appender.root.File=${logDir}/${componentName}/${subComponentName}/vnfmadapterservice.log
-
-log4j.appender.root.layout.ConversionPattern=%d %-5p [%t][%X{moduleID}][%C %L] %m%n
-log4j.appender.root.layout=org.apache.log4j.PatternLayout
-log4j.appender.root.MaxBackupIndex=50
-log4j.appender.root.MaxFileSize=20MB
-log4j.appender.root=org.apache.log4j.RollingFileAppender
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties
- subPath: log4j.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "huaweivnfmdriver",
- "version": "v1",
- "url": "/api/huaweivnfmdriver/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - name: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- - name: {{ .Values.service.portName }}2
- port: {{ .Values.service.internalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.6
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-huawei-vnfm-driver
- portName: vfc-huawei-vnfm-driver
- externalPort: 8482
- internalPort: 8482
- externalPort2: 8483
- internalPort2: 8483
-# nodePort: 30482
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 2000Mi
- requests:
- cpu: 100m
- memory: 1000Mi
- large:
- limits:
- cpu: 400m
- memory: 4000Mi
- requests:
- cpu: 200m
- memory: 2000Mi
- unlimited: {}
\ No newline at end of file
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- nslcm:
- handlers: [nslcmlocal_handler, nslcm_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- nslcmlocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_nslcm.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- nslcm_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/nslcm/runtime_nslcm.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.mariadbService }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: MYSQL_ROOT_USER
- value: "{{ .Values.global.config.mariadb_admin }}"
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/nslcm/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "nslcm",
- "version": "v1",
- "url": "/api/nslcm/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
- type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
- policy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.9
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- # mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-nslcm
- portName: vfc-nslcm
- externalPort: 8403
- internalPort: 8403
-# nodePort: 30403
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright (C) 2018 Verizon. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP VFC - DB
-name: vfc-redis
-version: 6.0.0
+++ /dev/null
-# Copyright (C) 2018 Verizon. All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (C) 2018 Verizon. All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}2
-
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
-
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (C) 2018 Verizon. All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-redis
- portName: vfc-redis
- externalPort: 3306
- internalPort: 3306
- externalPort2: 6379
- internalPort2: 6379
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- mgr:
- handlers: [vnfmgrlocal_handler, vnfmgr_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vnfmgrlocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_mgr.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- vnfmgr_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/gvnfm-vnfmgr/runtime_mgr.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.mariadbService }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: MYSQL_ROOT_USER
- value: "{{ .Values.global.config.mariadb_admin }}"
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/gvnfm-vnflcm/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "vnflcm",
- "version": "v1",
- "url": "/api/vnflcm/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
- type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
- policy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.9
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- # mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-vnflcm
- portName: vfc-vnflcm
- externalPort: 8801
- internalPort: 8801
-# nodePort: 30801
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- mgr:
- handlers: [vnfmgrlocal_handler, vnfmgr_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vnfmgrlocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_mgr.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- vnfmgr_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/gvnfm-vnfmgr/runtime_mgr.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.mariadbService }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_ROOT_USER
- value: "{{ .Values.global.config.mariadb_admin }}"
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/gvnfm-vnfmgr/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "vnfmgr",
- "version": "v1",
- "url": "/api/vnfmgr/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
- type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
- policy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.8
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- # mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-vnfmgr
- portName: vfc-vnfmgr
- externalPort: 8803
- internalPort: 8803
-# nodePort: 30803
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- lcm:
- handlers: [vnflcmlocal_handler, vnflcm_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vnflcmlocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_lcm.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- vnflcm_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/gvnfm-vnflcm/runtime_lcm.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.mariadbService }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_ROOT_USER
- value: "{{ .Values.global.config.mariadb_admin }}"
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/gvnfm-vnfres/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright (c) 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "vnfres",
- "version": "v1",
- "url": "/api/vnfres/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
- type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
- policy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.7
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- # mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-vnfres
- portName: vfc-vnfres
- externalPort: 8802
- internalPort: 8802
-# nodePort: 30802
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- ztevnfmdriver:
- handlers: [ztevnfmdriverlocal_handler, ztevnfmdriver_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- ztevnfmdriverlocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_ztevnfmdriver.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- ztevnfmdriver_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/ztevnfmdriver/runtime_ztevnfmdriver.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
-#Example init container for dependency checking
-# - command:
-# - /root/ready.py
-# args:
-# - --container-name
-# - mariadb
-# env:
-# - name: NAMESPACE
-# valueFrom:
-# fieldRef:
-# apiVersion: v1
-# fieldPath: metadata.namespace
-# image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-# imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-# name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_PROTO
- value: "{{ .Values.global.config.msbprotocol }}"
- - name: SSL_ENABLED
- value: "{{ .Values.global.config.ssl_enabled }}"
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: REG_TO_MSB_WHEN_START
- value: "{{ .Values.global.config.reg_to_msb_when_start }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/ztevnfmdriver/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "ztevnfmdriver",
- "version": "v1",
- "url": "/api/ztevnfmdriver/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ .Values.global.config.ssl_enabled }},
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.6
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: vfc-zte-vnfm-driver
- portName: vfc-zte-vnfm-driver
- externalPort: 8410
- internalPort: 8410
-
-ingress:
- enabled: false
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 100m
- memory: 500Mi
- requests:
- cpu: 50m
- memory: 250Mi
- large:
- limits:
- cpu: 200m
- memory: 1000Mi
- requests:
- cpu: 100m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ driver:
+ handlers: [gvnfmdriverlocal_handler, gvnfmdriver_handler]
+ level: "DEBUG"
+ propagate: False
+ django:
+ handlers: [django_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ gvnfmdriverlocal_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/runtime_gvnfmdriver.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+ gvnfmdriver_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/vfc/gvnfmdriver/runtime_gvnfmdriver.log"
+ formatter:
+ "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+ django_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/django.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format:
+ "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
+ mdcFormat:
+ format:
+ "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/gvnfmdriver/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "gvnfmdriver",
+ "version": "v1",
+ "url": "/api/gvnfmdriver/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/gvnfmdriver:1.4.0
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-generic-vnfm-driver
+ portName: vfc-generic-vnfm-driver
+ externalPort: 8484
+ internalPort: 8484
+# nodePort: 30484
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+###############################################################################
+# Copyright 2016, Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###############################################################################
+*/}}
+log4j.rootLogger=INFO,root
+log4j.appender.root.Append=true
+
+#Log Directory
+logDir=/var/log/onap
+componentName=vfc
+subComponentName=huaweivnfmdriver
+log4j.appender.root.File=${logDir}/${componentName}/${subComponentName}/vnfmadapterservice.log
+
+log4j.appender.root.layout.ConversionPattern=%d %-5p [%t][%X{moduleID}][%C %L] %m%n
+log4j.appender.root.layout=org.apache.log4j.PatternLayout
+log4j.appender.root.MaxBackupIndex=50
+log4j.appender.root.MaxFileSize=20MB
+log4j.appender.root=org.apache.log4j.RollingFileAppender
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: MSB_ADDR
+ value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties
+ subPath: log4j.properties
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "huaweivnfmdriver",
+ "version": "v1",
+ "url": "/api/huaweivnfmdriver/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.internalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ - name: {{ .Values.service.portName }}2
+ port: {{ .Values.service.internalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/nfvo/svnfm/huawei:1.3.8
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-huawei-vnfm-driver
+ portName: vfc-huawei-vnfm-driver
+ externalPort: 8482
+ internalPort: 8482
+ externalPort2: 8483
+ internalPort2: 8483
+# nodePort: 30482
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 1000Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 4000Mi
+ requests:
+ cpu: 200m
+ memory: 2000Mi
+ unlimited: {}
\ No newline at end of file
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ nslcm:
+ handlers: [nslcmlocal_handler, nslcm_handler]
+ level: "DEBUG"
+ propagate: False
+ django:
+ handlers: [django_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ nslcmlocal_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/runtime_nslcm.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+ nslcm_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/vfc/nslcm/runtime_nslcm.log"
+ formatter:
+ "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+ django_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/django.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format:
+ "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
+ mdcFormat:
+ format:
+ "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.mariadbService }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: MYSQL_ADDR
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/nslcm/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "nslcm",
+ "version": "v1",
+ "url": "/api/nslcm/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ },
+ {
+ "serviceName": "nslcm",
+ "version": "v2",
+ "url": "/api/nslcm/v2",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/nslcm:1.4.1
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-nslcm
+ portName: vfc-nslcm
+ externalPort: 8403
+ internalPort: 8403
+# nodePort: 30403
+
+ingress:
+ enabled: false
+
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
--- /dev/null
+# Copyright (C) 2018 Verizon. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP VFC - REDIS
+name: vfc-redis
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# Copyright (C) 2018 Verizon. All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (C) 2018 Verizon. All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright (C) 2018 Verizon. All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/db:1.3.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-redis
+ portName: vfc-redis
+ externalPort: 6379
+ internalPort: 6379
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
\ No newline at end of file
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ mgr:
+ handlers: [vnfmgrlocal_handler, vnfmgr_handler]
+ level: "DEBUG"
+ propagate: False
+ django:
+ handlers: [django_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ vnfmgrlocal_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/runtime_mgr.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+ vnfmgr_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/vfc/gvnfm-vnfmgr/runtime_mgr.log"
+ formatter:
+ "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+ django_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/django.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format:
+ "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
+ mdcFormat:
+ format:
+ "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.mariadbService }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: MYSQL_ADDR
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/gvnfm-vnflcm/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "vnflcm",
+ "version": "v1",
+ "url": "/api/vnflcm/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/vnflcm:1.4.0
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-vnflcm
+ portName: vfc-vnflcm
+ externalPort: 8801
+ internalPort: 8801
+# nodePort: 30801
+
+ingress:
+ enabled: false
+
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ mgr:
+ handlers: [vnfmgrlocal_handler, vnfmgr_handler]
+ level: "DEBUG"
+ propagate: False
+ django:
+ handlers: [django_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ vnfmgrlocal_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/runtime_mgr.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+ vnfmgr_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/vfc/gvnfm-vnfmgr/runtime_mgr.log"
+ formatter:
+ "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+ django_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/django.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format:
+ "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
+ mdcFormat:
+ format:
+ "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.mariadbService }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: MYSQL_ADDR
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/gvnfm-vnfmgr/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "vnfmgr",
+ "version": "v1",
+ "url": "/api/vnfmgr/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/vnfmgr:1.3.9
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-vnfmgr
+ portName: vfc-vnfmgr
+ externalPort: 8803
+ internalPort: 8803
+# nodePort: 30803
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ lcm:
+ handlers: [vnflcmlocal_handler, vnflcm_handler]
+ level: "DEBUG"
+ propagate: False
+ django:
+ handlers: [django_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ vnflcmlocal_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/runtime_lcm.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+ vnflcm_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/vfc/gvnfm-vnflcm/runtime_lcm.log"
+ formatter:
+ "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+ django_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/django.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format:
+ "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
+ mdcFormat:
+ format:
+ "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.mariadbService }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: MYSQL_ADDR
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: REDIS_HOST
+ value: "{{ .Values.global.config.redisServiceName }}"
+ - name: REDIS_PORT
+ value: "{{ .Values.global.config.redisPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/gvnfm-vnfres/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "vnfres",
+ "version": "v1",
+ "url": "/api/vnfres/v1",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/vnfres:1.3.8
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-vnfres
+ portName: vfc-vnfres
+ externalPort: 8802
+ internalPort: 8802
+# nodePort: 30802
+
+ingress:
+ enabled: false
+
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+version: 1
+disable_existing_loggers: False
+
+loggers:
+ ztevnfmdriver:
+ handlers: [ztevnfmdriverlocal_handler, ztevnfmdriver_handler]
+ level: "DEBUG"
+ propagate: False
+ django:
+ handlers: [django_handler]
+ level: "DEBUG"
+ propagate: False
+handlers:
+ console:
+ class: "logging.StreamHandler"
+ formatter: "standard"
+ ztevnfmdriverlocal_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/runtime_ztevnfmdriver.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+ ztevnfmdriver_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "/var/log/onap/vfc/ztevnfmdriver/runtime_ztevnfmdriver.log"
+ formatter:
+ "mdcFormat"
+ maxBytes: 52428800
+ backupCount: 10
+ django_handler:
+ level: "DEBUG"
+ class:
+ "logging.handlers.RotatingFileHandler"
+ filename: "logs/django.log"
+ formatter:
+ "standard"
+ maxBytes: 52428800
+ backupCount: 10
+formatters:
+ standard:
+ format:
+ "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
+ mdcFormat:
+ format:
+ "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
+ mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ (): onaplogging.mdcformatter.MDCFormatter
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ annotations:
+ sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: MSB_HOST
+ value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logconfig
+ mountPath: /opt/vfc/ztevnfmdriver/config/log.yml
+ subPath: log.yml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: {{ include "repositoryGenerator.image.logging" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logconfig
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-vfc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "ztevnfmdriver",
+ "version": "v1",
+ "url": "/api/ztevnfmdriver/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.externalPort }}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ config:
+ ssl_enabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+flavor: small
+
+image: onap/vfc/ztevnfmdriver:1.3.8
+pullPolicy: Always
+
+#Istio sidecar injection policy
+istioSidecar: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vfc-zte-vnfm-driver
+ portName: vfc-zte-vnfm-driver
+ externalPort: 8410
+ internalPort: 8410
+
+ingress:
+ enabled: false
+
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 50m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 200m
+ memory: 1000Mi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+ unlimited: {}
\ No newline at end of file
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
+ - name: vfc-generic-vnfm-driver
+ version: ~6.x-0
+ repository: 'file://components/vfc-generic-vnfm-driver'
+ condition: vfc-generic-vnfm-driver.enabled
+ - name: vfc-huawei-vnfm-driver
+ version: ~6.x-0
+ repository: 'file://components/vfc-huawei-vnfm-driver'
+ condition: vfc-huawei-vnfm-driver.enabled
+ - name: vfc-nslcm
+ version: ~6.x-0
+ repository: 'file://components/vfc-nslcm'
+ condition: vfc-nslcm.enabled
+ - name: vfc-redis
+ version: ~6.x-0
+ repository: 'file://components/vfc-redis'
+ condition: vfc-redis.enabled
+ - name: vfc-vnflcm
+ version: ~6.x-0
+ repository: 'file://components/vfc-vnflcm'
+ condition: vfc-vnflcm.enabled
+ - name: vfc-vnfmgr
+ version: ~6.x-0
+ repository: 'file://components/vfc-vnfmgr'
+ condition: vfc-vnfmgr.enabled
+ - name: vfc-vnfres
+ version: ~6.x-0
+ repository: 'file://components/vfc-vnfres'
+ condition: vfc-vnfres.enabled
+ - name: vfc-zte-vnfm-driver
+ version: ~6.x-0
+ repository: 'file://components/vfc-zte-vnfm-driver'
+ condition: vfc-zte-vnfm-driver.enabled
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
mariadbPort: 3306
mariadbRootPasswordExternalSecret: *dbRootPassSecret
+vfc-generic-vnfm-driver:
+ enabled: true
+
+vfc-huawei-vnfm-driver:
+ enabled: true
+
vfc-nslcm:
+ enabled: true
config:
<< : *dbConfig
+vfc-redis:
+ enabled: true
+
vfc-vnflcm:
+ enabled: true
config:
<< : *dbConfig
vfc-vnfmgr:
+ enabled: true
config:
<< : *dbConfig
vfc-vnfres:
+ enabled: true
config:
<< : *dbConfig
vfc-workflow-engine:
config:
workflowPort: 10550
+
+vfc-zte-vnfm-driver:
+ enabled: true
\ No newline at end of file
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
+
#!/bin/sh
+{{/*
# Copyright © 2018 AT&T
+# Copyright © 2020 Aarna Networks
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
+DB={{index .Values "mariadb-galera" "config" "mysqlDatabase" | upper }}
+eval "MYSQL_USER=\$MYSQL_USER_${DB}"
+eval "MYSQL_PASSWORD=\$MYSQL_PASSWORD_${DB}"
+
+#echo "Going to run mysql ${DB} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} ..."
+mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} <<'EOD'
+CREATE TABLE IF NOT EXISTS `{{index .Values "mariadb-galera" "config" "mysqlDatabase" }}`.`schema_info` (
+`SCHEMA_ID` VARCHAR(25) NOT NULL,
+`SCHEMA_DESC` VARCHAR(75) NOT NULL,
+`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL,
+`CONNECTION_URL` VARCHAR(200) NOT NULL,
+`USER_NAME` VARCHAR(45) NOT NULL,
+`PASSWORD` VARCHAR(45) NULL DEFAULT NULL,
+`DRIVER_CLASS` VARCHAR(100) NOT NULL,
+`MIN_POOL_SIZE` INT(11) NOT NULL,
+`MAX_POOL_SIZE` INT(11) NOT NULL,
+`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL)
+ENGINE = InnoDB
+DEFAULT CHARACTER SET = utf8;
+EOD
-echo "Going to run mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${MYSQL_HOST} -P${MYSQL_PORT} ..."
-mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${MYSQL_HOST} -P${MYSQL_PORT} < /db-config/vid-pre-init.sql
if [ $? -ne 0 ];then
- echo "ERROR: Failed to run ${cmd} vid-pre-init.sql"
+ echo "ERROR: Failed to run cmd vid-pre-init.sql"
exit 1
else
echo "INFO: Database initialized successfully"
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
filebeat.prospectors:
#it is mandatory, in our case it's log
+++ /dev/null
-/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/
-
-CREATE TABLE IF NOT EXISTS `vid_openecomp_epsdk`.`schema_info` (
-`SCHEMA_ID` VARCHAR(25) NOT NULL,
-`SCHEMA_DESC` VARCHAR(75) NOT NULL,
-`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL,
-`CONNECTION_URL` VARCHAR(200) NOT NULL,
-`USER_NAME` VARCHAR(45) NOT NULL,
-`PASSWORD` VARCHAR(45) NULL DEFAULT NULL,
-`DRIVER_CLASS` VARCHAR(100) NOT NULL,
-`MIN_POOL_SIZE` INT(11) NOT NULL,
-`MAX_POOL_SIZE` INT(11) NOT NULL,
-`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL)
-ENGINE = InnoDB
-DEFAULT CHARACTER SET = utf8;
\ No newline at end of file
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-db-init
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/db_cmd.sh").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
template:
metadata:
spec:
initContainers:
- command:
- - /root/job_complete.py
+ - /app/ready.py
args:
- --job-name
- - {{ include "common.fullname" . }}-galera-config
+ - {{ include "common.fullname" . }}-mariadb-init-config-job
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
- name: VID_UEB_URL_LIST
value: message-router.{{ include "common.namespace" . }}
- name: VID_MYSQL_HOST
- value: {{ index .Values "mariadb-galera" "service" "name" }}
+ value: {{ include "common.mariadbService" . }}
- name: VID_MYSQL_PORT
- value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+ value: "{{ include "common.mariadbPort" . }}"
- name: VID_MYSQL_DBNAME
value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: VID_MYSQL_USER
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-galera-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- initContainers:
-#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- - --container-name
- - {{ index .Values "mariadb-galera" "service" "name" }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: {{ .Values.mariadb_image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_cmd.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_cmd.sh
- - mountPath: /db-config/vid-pre-init.sql
- name: {{ include "common.fullname" . }}-config
- subPath: vid-pre-init.sql
- command:
- - /bin/sh
- args:
- - -x
- - /dbcmd-config/db_cmd.sh
- env:
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
- - name: MYSQL_HOST
- value: {{ index .Values "mariadb-galera" "service" "name" }}
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
- - name: MYSQL_PORT
- value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
- restartPolicy: Never
- volumes:
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: db_cmd.sh
- path: db_cmd.sh
- - key: vid-pre-init.sql
- path: vid-pre-init.sql
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{ include "common.secretFast" . }}
---
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License
+*/}}
apiVersion: v1
kind: Service
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ mariadbGalera: &mariadbGalera
+ #This flag allows VID to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:6.0.4
+image: onap/vid:7.0.0
pullPolicy: Always
-# mariadb image for initializing
-mariadb_image: library/mariadb:10
-
# application configuration
config:
db:
roleaccesscentralized: remote
mariadb-galera:
- config:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config: &mariadbConfig
userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret'
mysqlDatabase: vid_openecomp_epsdk
nameOverride: vid-galera
[mysqld]
lower_case_table_names = 1
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: vid-mariadb-init
+ # A configMap of same name is created. It points to file that will be run after
+ # The DB has been created.
+ dbScriptConfigMap: '{{ include "common.release" . }}-vid-db-init'
+
# default number of instances
replicaCount: 1
- name: postgres
version: ~6.x-0
repository: '@local'
+ - name: repositoryGenerator
+ version: ~6.x-0
+ repository: '@local'
<transactionManager type="JDBC" />
<dataSource type="UNPOOLED">
<property name="driver" value="org.postgresql.Driver" />
- <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+ <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" />
<property name="username" value="${PG_USER}" />
<property name="password" value="${PG_PASSWORD}" />
</dataSource>
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1
kind: Deployment
name: init-data-input
- mountPath: /config
name: init-data
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "{{ .Values.postgres.nameOverride }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
- - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
resources:
{{ include "common.resources" . | indent 12 }}
- volumes:
+ volumeMounts:
- mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
name: init-data
subPath: configuration.xml
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: batch/v1
kind: Job
restartPolicy: Never
initContainers:
- command:
- - /root/ready.py
+ - /app/ready.py
args:
- --container-name
- "{{ .Values.postgres.nameOverride }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}}
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}-job
- image: "{{ .Values.postgresRepository }}/{{ .Values.postgresImage }}"
+ image: {{ include "repositoryGenerator.image.postgres" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: PGUSER
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- envsubstImage: dibi/envsubst
secrets:
- uid: pg-root-pass
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.5.2
-postgresRepository: crunchydata
-postgresImage: crunchy-postgres:centos7-10.3-1.8.2
+image: onap/vnfsdk/refrepo:1.6.2
pullPolicy: Always
# application configuration override for postgres
Code Review / oom.git / commitdiff