- name: {{ include "common.name" $dot }}-aaf-config
image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
volumeMounts:
- mountPath: {{ $initRoot.mountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
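Review bot: The added `securityContext` on the `-aaf-config` init container sets only `runAsUser: 0`, with no comment saying why this container must be root and nothing limiting what root can do. The same two lines are added to the three `-permission-fixer` init containers further down in this commit. I would add a comment above each, e.g. `# runs as root to write into the shared cert volume`, adjusted to the real reason, and add `allowPrivilegeEscalation: false` beside `runAsUser: 0` if the image works with it. The contents of the pod-level `common.podSecurityContext` added elsewhere in this commit are not visible here, but if it ever sets `runAsNonRoot: true` these root containers will fail to start, which is worth recording in that comment. The container definition continues outside the hunk.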
- -ec
- |
{{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}}
- {{- $fullname := include "common.names.fullname" . }}
+ {{- $fullname := include "common.fullname" . }}
{{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }}
# Bootstrap from the indicated node
NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}"
{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
the DCAE microservice image.
The Deployment Pod may also include a logging sidecar container.
-The sidecar is included if .Values.logDirectory is set. The
+The sidecar is included if .Values.log.path is set. The
logging sidecar and the DCAE microservice container share a
volume where the microservice logs are written.
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
-{{- $logDir := default "" .Values.log.path -}}
+{{- $log := default dict .Values.log -}}
+{{- $logDir := default "" $log.path -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
{{- $commonRelease := print (include "common.release" .) -}}
# ================================ LICENSE_START ==========================
# =========================================================================
# Copyright (c) 2021 Nordix Foundation.
+# Copyright (c) 2022 Nokia. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.7.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
readinessCheck:
wait_for:
containers:
- - dcae-config-binding-service
- aaf-cm
- dmaap-bc
- dmaap-provisioning-job
plain_port: 8100
port_protocol: http
-# Environment variables
-applicationEnv:
-# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration.
-# It's a workaround because DMAAP specific env variables are not available in main container.
- CBS_CLIENT_CONFIG_PATH: ''
-
# Data Router Publisher Credentials
drPubscriberCreds:
username: username
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-datalake-postgres
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-heartbeat-postgres
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# Probe Configuration
# ================================ LICENSE_START ==========================
# =========================================================================
# Copyright (C) 2021 Nordix Foundation.
+# Copyright (c) 2022 Nokia. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.8.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
readinessCheck:
wait_for:
containers:
- - dcae-config-binding-service
- aaf-cm
- dmaap-bc
- dmaap-provisioning-job
# Initial Application Configuration
applicationConfig:
enable_tls: true
- enable_http: false
- aaf_identity: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
+ enable_http: true
+ aaf_identity: ""
+ aaf_password: ""
pm-mapper-filter: "{ \"filters\":[] }"
- key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
- key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
- trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
- trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
+ key_store_path: ""
+ key_store_pass_path: ""
+ trust_store_path: ""
+ trust_store_pass_path: ""
dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0}
location: san-francisco
client_role: org.onap.dcae.pmPublisher
- topic_url: http://message-router:3904/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+ topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
streams_subscribes:
dmaap_subscriber:
type: data_router
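Review bot: `enable_tls: true` stays set while the four key and trust store paths become `""` and `enable_http` flips to `true`, so the config asks for TLS without any key material and opens the plaintext listener as well. How pm-mapper treats empty store paths is not visible here; if the intent is to run without AAF-issued certificates, `enable_tls: false` with a comment such as `# TLS disabled: no AAF certificates in this deployment` would make that explicit. The publisher `topic_url` stays on `http://` and now targets an `unauthenticated.` topic, so measurement data is published without transport protection or client identity; that deserves a comment stating it is deliberate and which network boundary is relied on instead. `dmaap_dr_delete_endpoint` still uses `https://` while the trust store path is now empty, so certificate validation for that call should be checked.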
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:1.3.2
+image: onap/org.onap.dcaegen2.services.pmsh:2.0.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-pmsh-postgres
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.7
+image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# Probe Configuration
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-sliceanalysisms-postgres
# and key from AAF and mount them in certDirectory.
tlsServer: true
+
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
+ - message-router
# Probe Configuration
readiness:
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
- &postgresName dcae-sonhms-postgres
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
-# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021-2022 Nokia. All rights reserved.
# Copyright (c) 2022 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.3
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
# dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# probe configuration
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.2
+image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.3
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Dependencies
readinessCheck:
wait_for:
- - dcae-config-binding-service
- aaf-cm
# Service Configuration
# application environments
applicationEnv:
LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true'
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '10000' # Workaround until DCAEGEN2-3098 is addressed
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
# Initial Application Configuration
applicationConfig:
# Use to override default setting in blueprints
componentImages:
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.0
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0
# Resource Limit flavor -By Default using small
config:
cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-config-binding-service:
- enabled: true
+ enabled: false
dcae-dashboard:
enabled: false
config:
config:
cloudifyManagerPasswordExternalSecret: *cmPassSecretName
dcae-healthcheck:
- enabled: true
+ enabled: false
dcae-inventory-api:
enabled: false
dcae-policy-handler:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
{{- if or .Values.global.aafEnabled .Values.PG.enabled }}
initContainers:
- command:
name: {{ include "common.name" . }}-update-config
{{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-permission-fixer
+ securityContext:
+ runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
command: ["/bin/sh"]
args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
- name: {{ include "common.name" . }}-postgres-readiness
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
command:
- /app/ready.py
args:
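Review bot: The `runAsUser: 100` / `runAsGroup: 65533` pair on the `-postgres-readiness` container is a hard-coded literal, and the same pair is repeated on the `-readiness` init containers in the two other deployment templates touched by this commit, while the values files gain a configurable `securityContext.user_id` / `group_id` that presumably feeds the pod-level context. A comment naming the source of the numbers, e.g. `# uid/gid of the non-root user in the readiness image`, would help; that these IDs match the image is an assumption I cannot confirm from the hunk. Moving the pair into one shared helper would keep the three copies from drifting. The container list starts and ends outside the hunk.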
# Resource Limit flavor -By Default using small
flavor: small
+
+securityContext:
+ user_id: 1000
+ group_id: 101
+
# Segregation for Different environment (Small and Large)
resources:
small:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
apiVersion: v1
fieldPath: metadata.namespace
- name: {{ include "common.name" . }}-permission-fixer
+ securityContext:
+ runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
# Resource Limit flavor -By Default using small
flavor: small
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
# Segregation for Different environment (Small and Large)
resources:
small:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
hostname: {{ .Values.global.dmaapDrProvName }}
initContainers:
- name: {{ include "common.name" . }}-readiness
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
{{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
+ securityContext:
+ runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
# Resource Limit flavor -By Default using small
flavor: small
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
# Segregation for Different environment (Small and Large)
resources:
small:
vfc:
enabled: true
vid:
- enabled: true
+ enabled: false
vnfsdk:
enabled: true
modeling:
# default password complexity
# available options: phrase, name, pin, basic, short, medium, long, maximum security
- # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ # More datails: https://www.masterpasswordapp.com/masterpassword-algorithm.pdf
passwordStrength: long
# configuration to set log level to all components (the one that are using
keyPrefix: conductor
flavor: *etcd-flavor
resources: *etcd-resources
+
+# Python doesn't support well dollar sign in password
+passwordStrengthOverride: basic
\ No newline at end of file
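Review bot: `passwordStrengthOverride: basic` lowers the generated password strength for this component to work around `$` handling, but the comment does not say which consumer breaks or where the fix is tracked, so the weaker setting is likely to outlive the problem. I would expand it to something like `# TODO(<ticket>): <consumer> mishandles '$' in the password; revert to the global passwordStrength once fixed`, with the real ticket and consumer filled in. If `$` is the only problem, it is worth checking whether a stronger option from the list in the global values comment (`phrase, name, pin, basic, short, medium, long, maximum security`) avoids that character before settling on `basic`. The file also now ends without a trailing newline.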