time: '14:00 UTC'
repositories:
- 'oom'
- - 'oom-offline-installer'
- - 'oom-registrator'
committers:
- <<: *onap_releng_ptl
- name: 'Alexis de Talhouët'
approval: 'https://lists.onap.org/pipermail/onap-tsc'
changes:
- type: 'Addition'
- name: 'Brian Freeman'
- name: 'Yang Xu'
- link: 'TBD'
+ name: 'Krzysztof Opasiak'
+ # yamllint disable-line rule:line-length
+ link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499'
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := helm lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
-Subproject commit 764cd8514707c1630dbfa6792b8d15953d5b9a59
+Subproject commit 23f076495d36081f34a367067918d15fcc5ada8d
--- /dev/null
+hazelcast:
+ cp-subsystem:
+ cp-member-count: {{ .Values.replicaCount }}
+ group-size: {{ .Values.cluster.groupSize }}
+ session-time-to-live-seconds: 10
+ session-heartbeat-interval-seconds: 5
+ missing-cp-member-auto-removal-seconds: 120
+ fail-on-indeterminate-operation-state: false
+ raft-algorithm:
+ leader-election-timeout-in-millis: 2000
+ leader-heartbeat-period-in-millis: 5000
+ max-missed-leader-heartbeat-count: 5
+ append-request-max-entry-count: 50
+ commit-index-advance-count-to-snapshot: 1000
+ uncommitted-entry-count-to-reject-new-appends: 100
+ append-request-backoff-timeout-in-millis: 100
+ network:
+ enabled: true
+ rest-api:
+ enabled: true
+ endpoint-groups:
+ HEALTH_CHECK:
+ enabled: true
+ CP:
+ enabled: true
+ join:
+ multicast:
+ enabled: false
+ kubernetes:
+ enabled: true
+ namespace: {{ include "common.namespace" . }}
+ service-name: {{ include "common.servicename" . }}-cluster
+ resolve-not-ready-addresses: true
+ # service-label-name: MY-SERVICE-LABEL-NAME
+ # service-label-value: MY-SERVICE-LABEL-VALUE
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ # This allow a new pod to be ready before terminating the old one
+ # causing no downtime when replicas is set to 1
+ maxUnavailable: 0
+
+ # maxSurge to 1 is very important for the hazelcast integration
+ # we only want one pod at a time to restart not multiple
+ # and break the hazelcast cluster. We should not use % maxSurge value
+ # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
+ maxSurge: 1
template:
metadata:
labels:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
+ - name: USE_SCRIPT_COMPILE_CACHE
+ value: {{ .Values.config.useScriptCompileCache | quote }}
+ # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
+ - name: CLUSTER_ENABLED
+ value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ - name: CLUSTER_ID
+ value: {{ .Values.cluster.clusterName }}
+ - name: CLUSTER_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: CLUSTER_CONFIG_FILE
+ value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
+ - containerPort: {{ .Values.service.cluster.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
- mountPath: {{ .Values.config.appConfigDir }}/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
+ - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ name: {{ include "common.fullname" . }}-config
+ subPath: hazelcast.yaml
- mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
name: {{ include "common.fullname" . }}-config
path: application.properties
- key: logback.xml
path: logback.xml
+ - key: hazelcast.yaml
+ path: hazelcast.yaml
- key: ONAP_RootCA.cer
path: ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-blueprints
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-cluster
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.cluster.type }}
+ ports:
+ - port: {{ .Values.service.cluster.externalPort }}
+ targetPort: {{ .Values.service.cluster.internalPort }}
+ {{- if eq .Values.service.cluster.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.cluster.portName | default "cluster" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
# application configuration
config:
appConfigDir: /opt/app/onap/config
+ useScriptCompileCache: true
# default number of instances
replicaCount: 1
portName: blueprints-processor-grpc
internalPort: 9111
externalPort: 9111
+ cluster:
+ type: ClusterIP
+ portName: blueprints-processor-cluster
+ internalPort: 5701
+ externalPort: 5701
persistence:
volumeReclaimPolicy: Retain
mountSubPath: cds/blueprints/deploy
deployedBlueprint: /opt/app/onap/blueprints/deploy
+cluster:
+ # Cannot have cluster enabled if the replicaCount is not at least 3
+ # AND config value useScriptCompileCache is not set to false
+ enabled: false
+
+ clusterName: cds-cluster
+
+ # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
+ # between 3 and 7 only.
+ groupSize: 3
+
ingress:
enabled: false
service:
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+---
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# The default name is elasticsearch, but you should change it to an appropriate name which describes the
# purpose of the cluster.
#
-cluster.name: "clamp-dashboard"
-#
-# The port that other nodes in the cluster should use when communicating with this node.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_port:$transport.publish_port
-#
-# The host address to publish for nodes in the cluster to connect to.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_host:$transport.publish_host
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
#
-# ------------------------------------ Node ------------------------------------
-#
-# It is better to provide different meaningfull names fot different elastic nodes.
-# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id.
-# Note that the node id is persisted and does not change when a node restarts
+
+cluster.name: "clamp-dashboard"
+node.name: "cldash-es-node1"
+# ---------------------------------- Network -----------------------------------
#
-#node.name: $node.name
+# Set the bind address to a specific IP (IPv4 or IPv6):
+# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
+# non-loopback address.
+network.host: 0.0.0.0
#
-# Add custom attributes to the node:
+# Set a custom port for HTTP: If required, default is 9200-9300
#
-#node.attr.rack: r1
+#http.port: $http.port
#
+# For more information, consult the network module documentation.
# ----------------------------------- Paths ------------------------------------
#
# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started
# that are likely to be live and contactable.
# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
# to connect to other nodes running on the same server.
-#
-#$discovery.zen.ping.unicast.hosts
-#
-# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes
-# available. Only then will an election take place.
-# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
-#
-# For more information, consult the zen discovery module documentation.
-#
-# ---------------------------------- Gateway -----------------------------------
-#
-# Block initial recovery after a full cluster restart until N nodes are started:
-#
-#gateway.recover_after_nodes: 3
-#
-# For more information, consult the gateway module documentation.
-#
+discovery.seed_hosts: []
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+cluster.initial_master_nodes:
+ - cldash-es-node1
+# - docker-test-node-1
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
-
-#xpack.license.self_generated.type: basic
-#xpack.security.enabled: false
-
-## Search Guard
-#
-searchguard.enterprise_modules_enabled: false
-searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
-searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
-searchguard.ssl.transport.enforce_hostname_verification: false
-
-searchguard.authcz.admin_dn:
- - "CN=kirk,OU=client,O=client,l=tEst,C=De"
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
env:
volumeMounts:
- mountPath: /etc/localtime
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:4.1.1
+image: onap/clamp-dashboard-elasticsearch:5.0.2
pullPolicy: Always
# flag to enable debugging - application support required
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
## Persist data to a persitent volume
persistence:
mountSubPath: clamp/dashboard-elasticsearch/data
mountSubPathLogs: clamp
+security:
+ ssl:
+ enabled: true
+
service:
type: ClusterIP
name: cdash-es
+++ /dev/null
-Bag Attributes
- friendlyName: clamp@clamp.onap.org
- localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33
-subject=/CN=clamp/emailAddress=/OU=clamp@clamp.onap.org/OU=OSAAF/O=ONAP/C=US
-issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
------BEGIN CERTIFICATE-----
-MIIEKDCCAxCgAwIBAgIIWY+5kgf/UG4wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyMTE2MTY1OFoXDTIwMDMyMTE2MTY1OFow
-bDEOMAwGA1UEAwwFY2xhbXAxDzANBgkqhkiG9w0BCQEWADEdMBsGA1UECwwUY2xh
-bXBAY2xhbXAub25hcC5vcmcxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALic
-uDccBjOAlOsL1Z1nKnDPRTNxBwIVfARRQDxK3C0zDHQ5qEmIQlF0Vjp+bJ2rgzMW
-BnodC38zt1jSXymEsekZNV2sUyBbzJl6vxvA1xJKI9VHLyPSzyUEd1H4qh8b7IDX
-3GDqUJgNfvzJ94DaNnnYWFVZq/IYdLjCFaXDxPUQZtlmpdkIWBzvMeNRe4bWajau
-immkmSi5/2BYQfZXHXpiKiyBnN+1FbU3consmjNwS1L+PjD+k3JLsc5ANZYZMOTp
-Szhu3xmDiB3UV4gPQWacQQZEo/5exywY3Ax3TowGwIA660eSkW1L5RPdyvzEgp7A
-vu4+rbhfeR5bXjy2iAUCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE
-AwIF4DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0w
-S4AUgfeZWxC5yIze81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0w
-CwYDVQQKDARPTkFQMQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQU+GZ6wmWDPrmq
-Wd1/NtMYiCQ8Dg4wOwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVk
-ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFZdhB
-U6xm6l0vj4q89onLx4opTPvwGNRc0n402lifkPYXseFtphZSHIf2Sg0mFTH4KHb4
-FdMyBzq1+f5WLU+xRC1nT4eGJ0FvRR6204/fGVrzJTS67phnRnxr2WZzLPW0wPJe
-K8SzN6tkUgE7/a/s0T/htE/blDxWh75+tA2jQlgj1Ri0y9A1J8wx++REKjGlHjFN
-53aiipsB+wC/oEMzYL4qEPiYPI0Lr3Lsay1F7f6cvDT4+EYzBLMFuwCvpcnHgSMS
-4fFj2ROmUG2+CC23B88Q0WNxjLPq/CrmHZZBsqwruPJ0cSuCQxfshTQ6uZhcjtu8
-6TRYkIcL0x9r/AHP
------END CERTIFICATE-----
+++ /dev/null
-Bag Attributes
- friendlyName: clamp@clamp.onap.org
- localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4nLg3HAYzgJTr
-C9WdZypwz0UzcQcCFXwEUUA8StwtMwx0OahJiEJRdFY6fmydq4MzFgZ6HQt/M7dY
-0l8phLHpGTVdrFMgW8yZer8bwNcSSiPVRy8j0s8lBHdR+KofG+yA19xg6lCYDX78
-yfeA2jZ52FhVWavyGHS4whWlw8T1EGbZZqXZCFgc7zHjUXuG1mo2ropppJkouf9g
-WEH2Vx16YiosgZzftRW1N3KJ7JozcEtS/j4w/pNyS7HOQDWWGTDk6Us4bt8Zg4gd
-1FeID0FmnEEGRKP+XscsGNwMd06MBsCAOutHkpFtS+UT3cr8xIKewL7uPq24X3ke
-W148togFAgMBAAECggEATncV+R5pKFS7dteV2IvzxvTh1cZxkxoslu0t3zJ2OKPc
-5D1pYK+QeGx5Be2cHru6TOlMoXRc4ZjKke8AUXY74/Y573GB91vtL0KznYkuIHDw
-oALcb153eqVWTbniHMzSjcSxv2N4E9iQo8L39oVI6CrjCIvPgFuSqMCdUNJPkVTI
-4nsarTfLK4fzi7IbWzi9JdE1QRNIxcCMcYJRnLZMdneMLBleR0UL82Xc2KOy5SEt
-zyKYCQ8zS247FKolnOrDkhKxXI5fzdDpRK5AQSsAykUPWlYq7pzKjY/dU9rMRohx
-YSltFjPZ3sQ3UKqqIqhZS+GoVuZoc925WyhViPsqtQKBgQDsL4LFfPWN8nnsusQp
-VR3T7HvvwXuEVAydlaJMwZU0cRYN+L7RHHjDoXZZrNJDIDzNoWnBLKRGx3mtLmgJ
-9Pa6SxN6Oc8oo6jzv2D59g1PVjNOMOYTCTb/2Xum4LMLaeeF57HkWxzeA3Ws47++
-gXwzQpbE90tp1Ys4uXD3JoivvwKBgQDIGZTwLGhLSegdAjG83WEgmdtzT1kjvx0Q
-A8IR2jkgkTJHdKiuslJ8Z3/XufHEwWMWwfs1XLwxYluoo1y9eNvNeHZXjLqjL62c
-I3034F9IvvTUqFcxam2WdoklXbAiSvLUo/9exPgOuVxok6Zv1imRgGb/vYV9vyG7
-86MRuQu5OwKBgQC9E3fcA6JMpY3H3uhEsngzfMDm+fyYvfRvfyezzNFWbyWZv8V6
-gBGJg0vMlFarGDa044BW/hbw9qXI5zqwpeOS1aFdGsRlo0cRAuduk/Spy7c85FZ7
-bMgT4BZmTMHo5DpNb2NxDSO59AkThCuvJde47ZjnS5WavzI6EfKGWNnZ3wKBgQCF
-QiwjCp/mS/DtqLFxAsmVSYGROG231aXILYiIFRloa+ndFn7j4NP4D4FfLHErRFL2
-K/ddIUYfaU57b1fqwts26ht90LXWyYDH9AaHOMCcFLe+C+INgcA7rPNG1C7hl6JC
-JHmEJo7AV4eICZSU9D44rRdrB08oYCpaHjYiLmb1UwKBgQCWCDJ4p2DrNL9hzj3K
-kzvM5saXrfI4aVBXVt9rw9s1d/WG8JOpnmHcnLPb6Tj59rDktrLCLv0sVstMwNVJ
-sOO+qsgn1VoZalcVhhjdONm5YvhJQgz0F7Y2xkr6g/AuMPz2YigGfm7fe/z7rc+L
-q9Ua2HmUS8DDBy7W89MNZJNkDQ==
------END PRIVATE KEY-----
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
-#xpack.reporting.enabled: false
-#Set to false to disable X-Pack reporting features.
-#xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
+# limitations under the License.# Default Kibana configuration from kibana-docker.
+
+server.name: "Clamp CL Dashboard"
+server.host: "0"
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: {{.Values.service.externalPort}}
-# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
-# The default is 'localhost', which usually means remote machines will not be able to connect.
-# To allow connections from remote users, set this parameter to a non-loopback address.
-server.host: "0.0.0.0"
-
-# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
-# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
-# to Kibana. This setting cannot end in a slash.
-#server.basePath: ""
-
-# The maximum payload size in bytes for incoming server requests.
-#server.maxPayloadBytes: 1048576
-
-# The Kibana server's name. This is used for display purposes.
-server.name: "Clamp Dashboard"
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}"
-# When this setting's value is true Kibana uses the hostname specified in the server.host
-# setting. When the value of this setting is false, Kibana uses the hostname of the host
-# that connects to this Kibana instance.
-#elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-# dashboards. Kibana creates a new index if the index doesn't already exist.
-#kibana.index: ".kibana"
-
-# The default application to load.
-#kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic authentication, these settings provide
-# the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
-# is proxied through the Kibana server.
-#elasticsearch.username: "elastic"
-#elasticsearch.password: "changeme"
-# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
-# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: {{.Values.config.sslEnabled}}
server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
-# These files validate that your Elasticsearch backend uses the same key files.
-#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate
-#elasticsearch.ssl.key: $elasticsearch_ssl_key
-
-# Optional setting that enables you to specify a path to the PEM file for the certificate
-# authority for your Elasticsearch instance.
-#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities
-
-# To disregard the validity of SSL certificates, change this setting's value to 'none'.
-#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode
-
-# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
-# the elasticsearch.requestTimeout setting.
-#elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
-# must be a positive integer.
-#elasticsearch.requestTimeout: 30000
-
-# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
-# headers, set this value to [] (an empty list).
-#elasticsearch.requestHeadersWhitelist: [ authorization ]
-
-# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
-# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
-#elasticsearch.customHeaders: {}
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
-#elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
-#elasticsearch.startupTimeout: 5000
-
-# Specifies the path where Kibana creates the process ID file.
-#pid.file: /var/run/kibana.pid
-
-# Enables you specify a file where Kibana stores log output.
-#logging.dest: stdout
-
-# Set the value of this setting to true to suppress all logging output.
-#logging.silent: false
-
-# Set the value of this setting to true to suppress all logging output other than error messages.
-#logging.quiet: false
-
-# Set the value of this setting to true to log all events, including system usage information
-# and all requests.
-#logging.verbose: false
-
-# Set the interval in milliseconds to sample system and process performance
-# metrics. Minimum is 100ms. Defaults to 5000.
-#ops.interval: 5000
-
-# The default locale. This locale can be used in certain circumstances to substitute any missing
-# translations.
-#i18n.defaultLocale: "en"
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.hosts: ${elasticsearch_base_url}
-## Search Guard
-#
-#xpack.security.enabled: false
+elasticsearch.ssl.verificationMode: none
elasticsearch.username: {{.Values.config.elasticUSR}}
elasticsearch.password: {{.Values.config.elasticPWD}}
-searchguard.cookie.password: 123567818187654rwrwfsfshdhdhtegdhfzftdhncn
+elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+
+opendistro_security.multitenancy.enabled: true
+opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
env:
+ - name: elasticsearch_base_url
+ value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- mountPath: /usr/share/kibana/config/kibana.yml
name: {{ include "common.fullname" . }}
subPath: kibana.yml
- - name: {{ include "common.fullname" . }}-aaf-pem-certs
- mountPath: /usr/share/kibana/config/keystore/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
items:
- key: kibana.yml
path: kibana.yml
- - name: {{ include "common.fullname" . }}-aaf-pem-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf-pem-keys
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.1.3
+image: onap/clamp-dashboard-kibana:5.0.2
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
+#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
config:
elasticsearchServiceName: cdash-es
elasticsearchPort: 9200
# probe configuration parameters
liveness:
initialDelaySeconds: 360
- periodSeconds: 10
+ periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 360
+ periodSeconds: 30
+
+#internal ssl security scheme for elasticsearch connection mainly
+security:
+ ssl:
+ enabled: true
service:
#Example service definition with external, internal and node ports.
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN
-MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt
-eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE
-5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W
-DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp
-tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f
-TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk
-MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F
-dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce
-txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF
-LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF
-BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9
-m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP
-t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy
-JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G
-LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC
-orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW
-u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ
-8Lb0GYmlo44=
------END CERTIFICATE-----
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
## Setting true makes logstash check periodically for change in pipeline configurations
config.reload.automatic: true
-## xpack configurations
-#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
-#xpack.monitoring.elasticsearch.username: elastic
-#xpack.monitoring.elasticsearch.password: changeme
-#xpack.monitoring.enabled: false
if "error" in [tags] {
elasticsearch {
codec => "json"
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
document_id => "%{requestID}"
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
index => "events-%{+YYYY.MM.DD}" # creates daily indexes
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
- name: request_topic
value: "{{ .Values.config.requestTopic }}"
- name: dmaap_base_url
- value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
+ value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
- name: logstash_user
value: "{{ .Values.config.logstash_user }}"
- name: logstash_pwd
value: "{{ .Values.config.logstash_pwd }}"
- name: elasticsearch_base_url
- value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
+ value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ include "common.servicename" . }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
volumeMounts:
- mountPath: /etc/localtime
- mountPath: /usr/share/logstash/pipeline/logstash.conf
name: {{ include "common.fullname" . }}
subPath: pipeline.conf
- - name: {{ include "common.fullname" . }}-aaf-certs
- mountPath: /certs.d/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: logstash.yml
- key: pipeline.conf
path: pipeline.conf
- - name: {{ include "common.fullname" . }}-aaf-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf-keys
-
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.1.3
+image: onap/clamp-dashboard-logstash:5.0.2
pullPolicy: Always
# flag to enable debugging - application support required
elasticsearchServiceName: cdash-es
elasticsearchPort: 9200
dmaapHost: message-router
- dmaapScheme: https
+ dmaapSchemeSSL: https
+ dmaapSchemeNoSSL: http
dmaapPort: 3905
dmaapConsumerGroup: "clampdashboard"
dmaapConsumerId: "clampdashboard"
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
+ initialDelaySeconds: 900
+ periodSeconds: 20
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 900
+ periodSeconds: 20
+ timeoutSeconds: 5
+
+security:
+ ssl:
+ enabled: true
service:
#Example service definition with external, internal and node ports.
"sharedDir": "releases/sdnc1.0/flows/shared",
"userDir": "releases/sdnc1.0",
"httpAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_USER}",
+ "pass": "${HTTP_PASSWORD}"
},
"dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
"dbPort": "3306",
- "dbName": "sdnctl",
- "dbUser": "sdnctl",
- "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
+ "dbName": "{{.Values.config.db.dbName}}",
+ "dbUser": "${DB_USER}",
+ "dbPassword": "${DB_PASSWORD}",
"gitLocalRepository": "",
"restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
- "restConfUser": "admin",
- "restConfPassword": "admin",
+ "restConfUser": "${REST_CONF_USER}",
+ "restConfPassword": "${REST_CONF_PASSWORD}",
"formatXML": "Y",
"formatJSON": "Y",
"httpRoot": "/",
"disableEditor": false,
"httpAdminRoot": "/",
"httpAdminAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_ADMIN_USER}",
+ "pass": "${HTTP_ADMIN_PASSWORD}"
},
"httpNodeRoot": "/",
"httpNodeAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_NODE_USER}",
+ "pass": "${HTTP_NODE_PASSWORD}"
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
# limitations under the License.
org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-export PATH=$PATH:.
-appDir=$(pwd)
-if [ "$#" != 3 -a "$#" != 4 ]
-then
- echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]"
- echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository"
- exit
-fi
-if [ ! -e "releases" ]
-then
- mkdir releases
-fi
-releaseDir="$1"
-name="Release $releaseDir"
-loginId="$2"
-emailid="$3"
-dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}"
-dbPort="3306"
-dbName="sdnctl"
-dbUser="sdnctl"
-dbPassword="{{.Values.config.dbSdnctlPassword}}"
-gitLocalRepository="$4"
-
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
-echo $lastPort|grep uiPort >/dev/null 2>&1
-if [ "$?" == "0" ]
-then
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1)
-fi
-#echo $lastPort
-if [ "${lastPort}" == "" ]
-then
- lastPort="3099"
-fi
-let nextPort=$(expr $lastPort+1)
-#echo $nextPort
-if [ ! -e "releases/$releaseDir" ]
-then
-mkdir releases/$releaseDir
-cd releases/$releaseDir
-mkdir flows
-mkdir flows/shared
-mkdir flows/shared/backups
-mkdir html
-mkdir xml
-mkdir lib
-mkdir lib/flows
-mkdir logs
-mkdir conf
-mkdir codecloud
-customSettingsFile="customSettings.js"
-if [ ! -e "./$customSettingsFile" ]
-then
- echo "module.exports = {" >$customSettingsFile
- echo " 'name' : '$name'," >>$customSettingsFile
- echo " 'emailAddress' :'$emailid'," >>$customSettingsFile
- echo " 'uiPort' :$nextPort," >>$customSettingsFile
- echo " 'mqttReconnectTime': 15000," >>$customSettingsFile
- echo " 'serialReconnectTime' : 15000," >>$customSettingsFile
- echo " 'debugMaxLength': 1000," >>$customSettingsFile
- echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile
- echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile
- echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile
- echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile
- echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile
- echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile
- echo " 'dbHost': '$dbHost'," >>$customSettingsFile
- echo " 'dbPort': '$dbPort'," >>$customSettingsFile
- echo " 'dbName': '$dbName'," >>$customSettingsFile
- echo " 'dbUser': '$dbUser'," >>$customSettingsFile
- echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile
- echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile
- echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile
- echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile
- echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile
- echo " 'formatXML': '$formatXML'," >>$customSettingsFile
- echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile
- echo " 'enableHttps': true" >>$customSettingsFile
- echo " }" >>$customSettingsFile
-fi
- #echo "Created custom settings file $customSettingsFile"
- echo "Done ....."
-else
- echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir"
- exit
-fi
-#echo "Content of custom settings file"
-#echo "============================================================================"
-# cat $customSettingsFile
-#echo "============================================================================"
-svclogicPropFile="./conf/svclogic.properties"
-if [ ! -d "${appDir}/yangFiles" ]
-then
- mkdir -p "${appDir}/yangFiles"
-fi
-if [ ! -d "${appDir}/generatedJS" ]
-then
- mkdir -p "${appDir}/generatedJS"
-fi
-
-if [ ! -e "./$svclogicPropFile" ]
-then
- echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
-fi
-if [ ! -e "${appDir}/flowShareUsers.js" ]
-then
- echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js
- echo " [" >>${appDir}/flowShareUsers.js
- echo " ]" >>${appDir}/flowShareUsers.js
- echo "}" >>${appDir}/flowShareUsers.js
-fi
-grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1
-if [ "$?" != "0" ]
-then
- num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l)
- if [ $num_of_lines -gt 4 ]
- then
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "${content}," > ${appDir}/flowShareUsers.js
- else
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "$content" > ${appDir}/flowShareUsers.js
- fi
- echo " {" >> ${appDir}/flowShareUsers.js
- echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js
- echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js
- echo " }" >> ${appDir}/flowShareUsers.js
- echo " ]" >> ${appDir}/flowShareUsers.js
- echo "}" >> ${appDir}/flowShareUsers.js
-fi
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ - name: HTTP_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_ADMIN_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ - name: HTTP_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ - name: HTTP_NODE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ - name: HTTP_NODE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ - name: REST_CONF_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: REST_CONF_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
- name: config
mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
subPath: svclogic.properties
- - name: scripts
- mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh
- subPath: createReleaseDir.sh
- - name: scripts
+ - name: config
mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
subPath: customSettings.js
resources:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-config
- - name: scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
+ - name: config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
\ No newline at end of file
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
# image pull policy
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+ - uid: 'http-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+ login: '{{ .Values.config.httpUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.config.adminUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'node-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+ login: '{{ .Values.config.nodeUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'restconf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
# application configuration
config:
+ db:
+ dbName: sdnctl
+ # unused for now to preserve the API
+ rootPassword: openECOMP1.0
+ # rootPasswordExternalSecret: some secret
+ userName: sdnctl
+ # unused for now to preserve the API
+ userPassword: gamma
+ # userCredentialsExternalSecret: some secret
+ httpUser: dguser
+ # unused for now to preserve the API
+ httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # httpCredsExternalSecret: some secret
+ adminUser: dguser
+ # unused for now to preserve the API
+ adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # adminCredsExternalSecret: some secret
+ nodeUser: dguser
+ # unused for now to preserve the API
+ nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+ # nodeCredsExternalSecret: some secret
+ restconfUser: admin
+ # unused for now to preserve the API
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+
dbRootPassword: openECOMP1.0
dbSdnctlPassword: gamma
dbPodName: mysql-db
repository: '@local'\r
- name: mariadb-galera\r
version: ~5.x-0\r
- repository: file://../mariadb-galera/\r
+ repository: '@local'\r
+ condition: global.mariadbGalera.localCluster\r
+ - name: mariadb-init\r
+ version: ~5.x-0\r
+ repository: '@local'\r
+ condition: not global.mariadbGalera.localCluster\r
release: {{ include "common.release" . }}
spec:
initContainers:
+{{- if .Values.global.mariadbGalera.localCluster }}
- command:
- /root/ready.py
args:
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
+{{- else }}
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
env:
- name: NAMESPACE
valueFrom:
- name: SPRING_PROFILE
value: "{{ .Values.config.springProfile }}"
- name: NENG_DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- name: NENG_DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
- value: {{ .Values.config.dbUrl }}
+ value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
value: "{{ .Values.config.polClientAuth }}"
- name: POL_BASIC_AUTH
# image pull policy
pullPolicy: IfNotPresent
+ mariadbGalera: &mariadbGalera
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-user-creds"
- externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ - uid: neng-db-secret
+ name: '{{ include "common.release" . }}-neng-db-secret'
type: basicAuth
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
# sub-chart config
mariadb-galera:
- config:
- userName: nenguser
- userPassword: nenguser123
- mariadbRootPassword: nenguser123
- mysqlDatabase: nengdb
+ config: &mariadbConfig
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret'
+ mysqlDatabase: nengdb
nameOverride: nengdb
service:
name: nengdb
enabled: true
mountSubPath: network-name-gen/data
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
# application configuration
config:
- dbUrl: jdbc:mysql://nengdb:3306/nengdb
+ db:
+ userName: nenguser
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
springProfile: live
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
busyboxImage: library/busybox:latest
postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
+image: crunchy-postgres:centos7-10.11-4.2.1
pullPolicy: Always
# application configuration
</logger>
- <root level="INFO">
+ <root level="{{.Values.config.dmaapDrNode.logLevel}}">
<appender-ref ref="asyncAudit" />
<appender-ref ref="asyncMetrics" />
<appender-ref ref="asyncDebug" />
portName2: dr-node-port2
nodePort: 93
nodePort2: 94
+ # dr uses the EELF Logging framework https://github.com/att/EELF
+ # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+ logLevel: "INFO"
- <root level="INFO">
+ <root level="{{.Values.config.dmaapDrProv.logLevel}}">
<appender-ref ref="asyncEELF" />
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
portName2: dr-prov-port2
nodePort: 59
nodePort2: 69
+ # dr uses the EELF Logging framework https://github.com/att/EELF
+ # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+ logLevel: "INFO"
+
# dr-prov db configuration
dmaapDrDb:
mariadbServiceName: dmaap-dr-db-svc
# application image
repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.4.0
+image: onap/aai/esr-server:1.5.1
pullPolicy: Always
msbaddr: msb-iag.{{ include "common.namespace" . }}:80
config:
msbServiceName: msb-iag
- msbPort: 80
+ msbPort: 443
persistence:
mountPath: /dockerdata-nfs
openStackUserName: "OPENSTACK_USERNAME_HERE"
openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
+ # For Support of Keystone v3, uncomment and fill
+ # openStackKeystoneVersion: "KEYSTONE_V3"
+ # openStackProjectDomainName: "DEFAULT"
+ # openStackUserDomainName: "DEFAULT"
nbi:
config:
# openstack configuration
openStackRegion: "Yolo"
- openStackVNFTenantId: "1234"
\ No newline at end of file
+ openStackVNFTenantId: "1234"
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
# flag to enable debugging - application support required
debugEnabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: optimizer
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: optimizer
topology_host: oof-cmso-topology
topology_port: 7998
ticketmgt_host: oof-cmso-ticketmgt
ticketmgt_port: 7999
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_user }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-user-credentials
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
# flag to enable debugging - application support required
debugEnabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: cmso
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: cmso
optimizer_host: oof-cmso-optimizer
optimizer_port: 7997
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "common.secret" . }}
+---
apiVersion: v1
kind: Secret
metadata:
# See the License for the specific language governing permissions and
# limitations under the License.
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ name: '{{ include "common.release" . }}-cmso-db-root-password'
+ type: password
+ password: ''
+ policy: generate
+ - uid: cmso-db-secret
+ name: '{{ include "common.release" . }}-cmso-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ passwordPolicy: generate
+
mariadb-galera:
replicaCount: 1
nameOverride: cmso-db
enabled: true
disableNfsProvisioner: true
config:
- mariadbRootPassword: beer
- userName: cmso-admin
- userPassword: nimda-osmc
+ mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
mysqlDatabase: cmso
externalConfig: |
[mysqld]
config:
log:
logstashServiceName: log-ls
- logstashPort: 5044
\ No newline at end of file
+ logstashPort: 5044
+ db:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+
+oof-cmso-service:
+ config:
+ db:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+ config:
+ db:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: optimizer
persistence:
enabled: true
size: 10Mi
- accessMode: ReadOnlyMany
+ accessMode: ReadWriteOnce
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password={{.Values.config.odlPassword}}
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password={{.Values.config.odlPassword}}
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
- --container-name
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
sdncPort: 8282
msgRouterContainerName: message-router
configDir: /opt/onap/sdnc/data/properties
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: dmaap-listener-galera
+ service:
+ name: dmaap-listener-galera
+ portName: dmaap-listener-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: dmaap-listener/maria/data
# default number of instances
replicaCount: 1
# limitations under the License.
# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
+ip: 0.0.0.0
+port: {{.Values.service.internalPort}}
# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
+tls: no
+auth: no
# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
+priv: provide_privated_key.pem
+pub: provide_public_key.pem
# RestServer authentication
-id: sdnc
-psswd: sdnc
+id: ${REST_USER}
+psswd: ${REST_PASSWORD}
# Mysql
-host: {{.Values.config.mariadbGalera.serviceName}}
-user: sdnc
-passwd: sdnc
-db: ansible
+host: {{ include "common.mariadbService" $ }}
+user: ${DB_USER}
+passwd: ${DB_PASSWORD}
+db: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
# Playbooks
-from_files: yes
-ansible_path: /opt/onap/sdnc/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
+from_files: yes
+ansible_path: /opt/onap/sdnc/Playbooks
+ansible_inv: Ansible_inventory
+ansible_temp: PlaybooksTemp
+timeout_seconds: 60
# Blocking on GetResults
-getresults_block: yes
+getresults_block: yes
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: REST_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
+ - name: REST_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: rest-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.restCredsExternalSecret }}'
+ login: '{{ .Values.config.restUser }}'
+ password: '{{ .Values.config.restPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
sdncChartName: sdnc
configDir: /opt/onap/sdnc
- mariadbGalera:
- serviceName: mariadb-galera
+ restUser: sdnc
+ restPassword: sdnc
+ # restCredsExternalSecret: some secret
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnc
+ userPassword: sdnc
+ mysqlDatabase: ansible
+ nameOverride: ansible-server-galera
+ service:
+ name: ansible-server-galera
+ portName: ansible-server-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ansible-server/maria/data
# default number of instances
replicaCount: 1
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Samsung Electrinics
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO
-org.onap.ccsdk.sli.northbound.uebclient.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-org.onap.ccsdk.sli.northbound.uebclient.user=sdnc
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=admin
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd={{.Values.config.odlPassword}}
+org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD}
+org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=${ODL_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd=${ODL_PASSWORD}
org.onap.ccsdk.sli.northbound.uebclient.asdc-api-base-url=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations/
org.onap.ccsdk.sli.northbound.uebclient.asdc-api-namespace=org:onap:ccsdk
org.onap.ccsdk.sli.northbound.uebclient.spool.incoming=/opt/onap/sdnc/ueb-listener/spool/incoming
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: UEB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
+ - name: UEB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
- --container-name
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+ - uid: ueb-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.uebUser }}'
+ password: '{{ .Values.config.uebPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
sdcbeChartName: sdc-be
msgRouterContainerName: message-router
configDir: /opt/onap/sdnc/data/properties
+ uebUser: sdnc
+ uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # uebCredsExternalSecret: some secret
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: ueb-listener-galera
+ service:
+ name: ueb-listener-galera
+ portName: ueb-listener-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ueb-listener/maria/data
# default number of instances
replicaCount: 1
admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
member_role: "admin"
tenant_metadata: true
- identity_server_type: "KEYSTONE"
+ identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}"
identity_authentication_type: "USERNAME_PASSWORD"
project_domain_name: "{{ .Values.config.openStackProjectDomainName }}"
user_domain_name: "{{ .Values.config.openStackUserDomainName }}"
openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
openStackProjectDomainName: "openStackProjectDomainName"
openStackUserDomainName: "openStackUserDomainName"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
nodeSelector: {}
tolerations: []
affinity: {}
Code Review / oom.git / commitdiff