company: 'ATT'
id: 'xuegao'
timezone: 'Belgium/Namur'
+ - name: 'Brian Freeman'
+ email: 'bf1936@att.com'
+ company: 'ATT'
+ id: 'bdfreeman1421'
+ timezone: 'America/New_York'
+ - name: 'Yang Xu'
+ email: 'Yang.Xu3@huawei.com'
+ company: 'Huawei'
+ id: 'xuyang11'
+ timezone: 'America/New_York'
tsc:
approval: 'https://lists.onap.org/pipermail/onap-tsc'
+ changes:
+ - type: 'Addition'
+ name: 'Brian Freeman'
+ name: 'Yang Xu'
+ link: 'TBD'
\ No newline at end of file
# HTTP
# basic (challenging)
# proxy (not challenging, needs xff)
-# kerberos (challenging)
# clientcert (not challenging, needs https)
-# jwt (not challenging)
# host (not challenging) #DEPRECATED, will be removed in a future version.
# host based authentication is configurable in sg_roles_mapping
# Authc
# internal
# noop
-# ldap
# Authz
-# ldap
# noop
+# Some SearchGuard functionality is licensed under Apache-2.0, while other functionality is non-free;
+# see https://github.com/floragunncom/search-guard. The functionality enabled in this configuration
+# file only include those that are licensed under Apache-2.0. Please use care and review SearchGuard's
+# license details before enabling any additional features here.
+
searchguard:
dynamic:
# Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
# Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
# Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
#filtered_alias_mode: warn
- #kibana:
- # Kibana multitenancy
- # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md
- # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki
- #multitenancy_enabled: true
- #server_username: kibanaserver
- #index: '.kibana'
- #do_not_fail_on_forbidden: false
http:
anonymous_auth_enabled: false
xff:
###### and here https://tools.ietf.org/html/rfc7239
###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
authc:
- kerberos_auth_domain:
- http_enabled: false
- transport_enabled: false
- order: 6
- http_authenticator:
- type: kerberos
- challenge: true
- config:
- # If true a lot of kerberos/security related debugging output will be logged to standard out
- krb_debug: false
- # If true then the realm will be stripped from the user name
- strip_realm_from_principal: true
- authentication_backend:
- type: noop
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
challenge: false
authentication_backend:
type: noop
- ldap:
- http_enabled: false
- transport_enabled: false
- order: 5
- http_authenticator:
- type: basic
- challenge: false
- authentication_backend:
- # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
- type: ldap
- config:
- # enable ldaps
- enable_ssl: false
- # enable start tls, enable_ssl should be false
- enable_start_tls: false
- # send client certificate
- enable_ssl_client_auth: false
- # verify ldap hostname
- verify_hostnames: true
- hosts:
- - localhost:8389
- bind_dn: null
- password: null
- userbase: 'ou=people,dc=example,dc=com'
- # Filter to search for users (currently in the whole subtree beneath userbase)
- # {0} is substituted with the username
- usersearch: '(sAMAccountName={0})'
- # Use this attribute from the user as username (if not set then DN is used)
- username_attribute: null
- authz:
- roles_from_myldap:
- http_enabled: false
- transport_enabled: false
- authorization_backend:
- # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
- type: ldap
- config:
- # enable ldaps
- enable_ssl: false
- # enable start tls, enable_ssl should be false
- enable_start_tls: false
- # send client certificate
- enable_ssl_client_auth: false
- # verify ldap hostname
- verify_hostnames: true
- hosts:
- - localhost:8389
- bind_dn: null
- password: null
- rolebase: 'ou=groups,dc=example,dc=com'
- # Filter to search for roles (currently in the whole subtree beneath rolebase)
- # {0} is substituted with the DN of the user
- # {1} is substituted with the username
- # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
- rolesearch: '(member={0})'
- # Specify the name of the attribute which value should be substituted with {2} above
- userroleattribute: null
- # Roles as an attribute of the user entry
- userrolename: disabled
- #userrolename: memberOf
- # The attribute in a role entry containing the name of that role, Default is "name".
- # Can also be "dn" to use the full DN as rolename.
- rolename: cn
- # Resolve nested roles transitive (roles which are members of other roles and so on ...)
- resolve_nested_roles: true
- userbase: 'ou=people,dc=example,dc=com'
- # Filter to search for users (currently in the whole subtree beneath userbase)
- # {0} is substituted with the username
- usersearch: '(uid={0})'
- # Skip users matching a user name, a wildcard or a regex pattern
- #skip_users:
- # - 'cn=Michael Jackson,ou*people,o=TEST'
- # - '/\S*/'
- roles_from_another_ldap:
- enabled: false
- authorization_backend:
- type: ldap
- #config goes here ...
+ authz:
\ No newline at end of file
--- /dev/null
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+[
+ {
+ "uri": "\/services\/search-data-service\/.*",
+ "method": "GET|PUT|POST|DELETE",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+
+
+]
--- /dev/null
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
--- /dev/null
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
--- /dev/null
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9509
--- /dev/null
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
--- /dev/null
+transactionid.header.name=X-TransactionId
\ No newline at end of file
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+{{ end }}
+
release: {{ .Release.Name }}
name: {{ include "common.name" . }}
spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ initContainers:
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.config.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
volumes:
- name: localtime
hostPath:
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ secret:
+ secretName: aai-rproxy-auth-certs
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: aai-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ secret:
+ secretName: aai-fproxy-auth-certs
+ {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+{{ end }}
+
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
+
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
{{- end}}
+{{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
elasticsearchHttpPort: 9200
keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
# default number of instances
replicaCount: 1
# See the License for the specific language governing permissions and
# limitations under the License.
-startODL_status=$(ps -e | grep startODL | wc -l)
waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
run_level=$(/opt/opendaylight/current/bin/client system:start-level)
- if [ "$run_level" == "Level 100" ] && [ "$startODL_status" -lt "1" ] && [ "$waiting_bundles" -lt "1" ]
+ if [ "$run_level" == "Level 100" ] && [ "$waiting_bundles" -lt "1" ]
then
echo APPC is healthy.
else
# limitations under the License.
apiVersion: v1
-description: ONAP Common Design Studio
+description: ONAP Controller Design Studio (CDS)
name: cds
version: 4.0.0
# limitations under the License.
apiVersion: v1
-description: Blueprints Processor Micro Service
-name: blueprints-processor
+description: ONAP CDS Blueprints Processor
+name: cds-blueprints-processor
version: 4.0.0
\ No newline at end of file
-# Copyright (c) 2019 IBM, Bell Canada.\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-# Functionality config\r
-blueprintsprocessor.grpcEnable=true\r
-blueprintsprocessor.restconfEnabled=true\r
-blueprintsprocessor.httpPort=8080\r
-blueprintsprocessor.grpcPort=9111\r
-\r
-# Basic Authentication\r
-security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu\r
-security.user.name: ccsdkapps\r
-\r
-# Blueprint Processor File Execution and Handling Properties\r
-blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy\r
-blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive\r
-\r
-# Primary Database Configuration\r
-blueprintsprocessor.db.primary.url=jdbc:mysql://cds-db:3306/sdnctl\r
-blueprintsprocessor.db.primary.username=sdnctl\r
-blueprintsprocessor.db.primary.password=sdnctl\r
-blueprintsprocessor.db.primary.driverClassName=org.mariadb.jdbc.Driver\r
-blueprintsprocessor.db.primary.hibernateHbm2ddlAuto=update\r
-blueprintsprocessor.db.primary.hibernateDDLAuto=update\r
-blueprintsprocessor.db.primary.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy\r
-blueprintsprocessor.db.primary.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect\r
-\r
-# Python executor\r
-blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints\r
-blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf\r
-\r
-# SDN-C's ODL Restconf Connection Details\r
-blueprintsprocessor.restclient.sdncodl.type=basic-auth\r
-blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/\r
-blueprintsprocessor.restclient.sdncodl.username=admin\r
-blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
\ No newline at end of file
+#
+# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Web server config
+blueprintsprocessor.grpcEnable=true
+blueprintsprocessor.httpPort=8080
+blueprintsprocessor.grpcPort=9111
+
+# Blueprint Processor File Execution and Handling Properties
+blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy
+blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive
+blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/work
+
+# Primary Database Configuration
+blueprintsprocessor.db.primary.url=jdbc:mysql://cds-db:3306/sdnctl
+blueprintsprocessor.db.primary.username=sdnctl
+blueprintsprocessor.db.primary.password=sdnctl
+blueprintsprocessor.db.primary.driverClassName=org.mariadb.jdbc.Driver
+blueprintsprocessor.db.primary.hibernateHbm2ddlAuto=update
+blueprintsprocessor.db.primary.hibernateDDLAuto=update
+blueprintsprocessor.db.primary.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy
+blueprintsprocessor.db.primary.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect
+
+# Python executor
+blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
+blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf,/opt/app/onap/scripts/jython/ccsdk_restconf
+
+security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
+security.user.name: ccsdkapps
+
+# SDN-C's ODL Restconf Connection Details
+blueprintsprocessor.restconfEnabled=true
+blueprintsprocessor.restclient.sdncodl.type=basic-auth
+blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/
+blueprintsprocessor.restclient.sdncodl.username=admin
+blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+# Executor Options
+blueprintprocessor.resourceResolution.enabled=true
+blueprintprocessor.netconfExecutor.enabled=true
+blueprintprocessor.restConfExecutor.enabled=true
+blueprintprocessor.remoteScriptCommand.enabled=true
+
+# Command executor
+blueprintsprocessor.grpcclient.remote-python.type=token-auth
+blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor
+blueprintsprocessor.grpcclient.remote-python.port=50051
+blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
\ No newline at end of file
<logger name="org.hibernate" level="error"/>
<logger name="org.onap.ccsdk.apps" level="info"/>
- <root level="warn">
+ <root level="info">
<appender-ref ref="STDOUT"/>
</root>
value: {{ .Values.config.appConfigDir }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- {{ if .Values.config.grpcEnabled }}
- containerPort: {{ .Values.service.grpc.internalPort }}
- {{ end }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
- mountPath: {{ .Values.config.appConfigDir }}/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: application.properties
- key: logback.xml
path: logback.xml
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-cds-blueprints
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if not .Values.persistence.storageClass -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-blueprints
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-blueprints
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ .Release.Name }}-cds-blueprints
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if not .Values.persistence.storageClass }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-blueprints
+{{- end }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
internalPort: 9111
externalPort: 9111
+
persistence:
enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteMany
+ size: 2Gi
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
ingress:
enabled: false
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS Command Executor
+name: cds-command-executor
+version: 4.0.0
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~4.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - cds-blueprints-processor
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.grpc.internalPort }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.grpc.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.grpc.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: {{ .Values.persistence.deployedBlueprint }}
+ name: {{ include "common.fullname" . }}-blueprints
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-blueprints
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-cds-blueprints
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.grpc.externalPort }}
+ targetPort: {{ .Values.service.grpc.internalPort }}
+ {{- if eq .Values.service.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.grpc.portName | default "grpc" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Modifications Copyright (c) 2019 Bell Canada.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image repositories
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # image pull policy
+ pullPolicy: Always
+
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-commandexecutor:0.4.2-STAGING-latest
+pullPolicy: Always
+
+# application configuration
+config:
+ basicAuth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ grpc:
+ portName: command-executor-grpc
+ internalPort: 50051
+ externalPort: 50051
+
+persistence:
+ enabled: true
+ mountSubPath: cds/blueprints/deploy
+ deployedBlueprint: /opt/app/onap/blueprints/deploy
+
+ingress:
+ enabled: false
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
# limitations under the License.
apiVersion: v1
-description: Controller Blueprints Micro Service
-name: controller-blueprints
+description: ONAP CDS Controller Blueprints
+name: cds-controller-blueprints
version: 4.0.0
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CDS UI
+name: cds-ui
+version: 4.0.0
\ No newline at end of file
--- /dev/null
+# Copyright (c) 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~4.x-0
+ repository: '@local'
\ No newline at end of file
ports:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}-{{ .Values.service.internalPort }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
--- /dev/null
+# Copyright © 2018 Orange
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:1.1.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+subChartsOnly:
+ enabled: true
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/ccsdk-cds-ui-server:0.4.2-STAGING-latest
+pullPolicy: Always
+
+# application configuration
+config:
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ httpGet:
+ path: /
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ httpGet:
+ path: /ping
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: ui
+ name: cds-ui
+ nodePort: 97
+ internalPort: 3000
+
+ingress:
+ enabled: false
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 200m
+ memory: 200Mi
+ unlimited: {}
-# Copyright © 2018 Orange
-# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 303
- readinessRepository: oomk8s
- readinessImage: readiness-check:1.1.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-subChartsOnly:
- enabled: true
-
-# application image
-repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui:1.0.0-STAGING-latest
-pullPolicy: Always
-
-# application configuration
-config:
-
mariadb-galera:
config:
userName: sdnctl
replicaCount: 1
persistence:
enabled: true
- mountSubPath: cds/data
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- httpGet:
- path: /
- port: 3000
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- httpGet:
- path: /ping
- port: 3000
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: NodePort
- portName: ui
- name: cds
- nodePort: 97
- internalPort: 3000
-
-ingress:
- enabled: false
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 200m
- memory: 200Mi
- unlimited: {}
+ mountSubPath: cds/data
\ No newline at end of file
# If API authorization is required, then implement a class to enforce it.
# This overrides the Class used for API permission check.
-#ApiPermission.Class: com.company.policy.DecisionPolicy
+ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
#####################################################
#
- name: DELAY
value: "0"
- name: PROTO
- value: "http"
+ value: "https"
- name: PORT
- value: "8080"
+ value: "8443"
- name: REQUESTID
value: "{{.Chart.Name}}-post-install"
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:2.3.1
+image: onap/portal-app:2.5.0-STAGING-latest
pullPolicy: Always
# default number of instances
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-db:2.3.1
+image: onap/portal-db:2.5.0-STAGING-latest
pullPolicy: Always
readinessImage: readiness-check:2.0.0
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.3.1
+image: onap/portal-sdk:2.5.0-STAGING-latest
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.3.1
+image: onap/portal-wms:2.5.0-STAGING-latest
pullPolicy: Always
# flag to enable debugging - application support required
GLOBAL_MR_SERVER_PROTOCOL = "http"
GLOBAL_MR_SERVER_PORT = "3904"
# bus controller info
-GLOBAL_BC_SERVER_PORT = "8080"
GLOBAL_BC_HTTPS_SERVER_PORT = "8443"
GLOBAL_BC_USERNAME = "{{ .Values.bcUsername }}"
GLOBAL_BC_PASSWORD = "{{ .Values.bcPassword }}"
GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE = "{{ .Values.openStackPasswordRegionThree }}"
GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE = "{{ .Values.openSackMsoEncryptdPasswordRegionThree }}"
GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE = "{{ .Values.openStackTenantIdRegionThree }}"
-GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN__REGION_THREE = "{{ .Values.openStackProjectNameRegionThree }}"
-GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN__REGION_THREE = "{{ .Values.openStackDomainIdRegionThree }}"
+GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE = "{{ .Values.openStackProjectNameRegionThree }}"
+GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE = "{{ .Values.openStackDomainIdRegionThree }}"
GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX = "{{ .Values.openStackOamNetworkCidrPrefix }}"
GLOBAL_INJECTED_POLICY_IP_ADDR = "pdp.{{include "common.namespace" .}}"
GLOBAL_INJECTED_POLICY_HEALTHCHECK_IP_ADDR = "drools.{{include "common.namespace" .}}"
"GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE" : "{{ .Values.openStackPasswordRegionThree }}",
"GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE" : "{{ .Values.openSackMsoEncryptdPasswordRegionThree }}",
"GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE" : "{{ .Values.openStackTenantIdRegionThree }}",
- "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN__REGION_THREE" : "{{ .Values.openStackProjectNameRegionThree }}",
- "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN__REGION_THREE" : "{{ .Values.openStackDomainIdRegionThree }}",
+ "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE" : "{{ .Values.openStackProjectNameRegionThree }}",
+ "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE" : "{{ .Values.openStackDomainIdRegionThree }}",
"GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX" : "{{ .Values.openStackOamNetworkCidrPrefix }}",
"GLOBAL_INJECTED_POLICY_IP_ADDR" : "pdp.{{include "common.namespace" .}}",
"GLOBAL_INJECTED_POLICY_HEALTHCHECK_IP_ADDR" : "drools.{{include "common.namespace" .}}",
# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME
openStackProjectName: "onap"
# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID
-openStackDomainId: "default"
+openStackDomainId: "Default"
# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION
openStackKeystoneAPIVersion: "v2.0"
# Values for second cloud instante for VNF instantiatioen testing and keystone v3
openSackMsoEncryptdPasswordRegionThree: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
openStackTenantIdRegionThree: "3583253e932845a09cd4c8ca2f31d095"
openStackProjectNameRegionThree: "Integration-HEAT-Staging-Daily"
-openStackDomainIdRegionThree: "default"
+openStackDomainIdRegionThree: "Default"
#
# Openstack glance image name for Ubuntu 14. Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE
ubuntu14Image: "Ubuntu_14_trusty"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.0
+image: onap/dcae-be:1.3-STAGING-latest
pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.0
+backendInitImage: onap/dcae-tools:1.3-STAGING-latest
# flag to enable debugging - application support required
debugEnabled: false
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.2.0
+image: onap/dcae-dt:1.2-STAGING-latest
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.0
+image: onap/dcae-fe:1.3-STAGING-latest
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.0
+image: onap/dcae-tosca-app:1.3-STAGING-latest
pullPolicy: Always
# flag to enable debugging - application support required
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ - name: MYSQL_AUTH
+ value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-catalog
mountPath: /service/vfc/nfvo/catalog/static
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/catalog:1.2.1
+image: onap/vfc/catalog:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.2.1
+image: onap/vfc/db:1.3.0-STAGING-latest
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
- name: vfc-db
- portName: vfc-db
+ name: vfc-redis
+ portName: vfc-redis
externalPort: 3306
internalPort: 3306
externalPort2: 6379
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/emsdriver:1.2.1
+image: onap/vfc/emsdriver:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.2.1
+image: onap/vfc/gvnfmdriver:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.2.1
+image: onap/vfc/nfvo/svnfm/huawei:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/jujudriver:1.2.1
+image: onap/vfc/jujudriver:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/multivimproxy:1.2.1
+image: onap/vfc/multivimproxy:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/nokiav2:1.3.0
+image: onap/vfc/nfvo/svnfm/nokiav2:1.3.1-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ - name: MYSQL_AUTH
+ value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.2.1
+image: onap/vfc/nslcm:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/resmanagement:1.2.1
+image: onap/vfc/resmanagement:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ - name: MYSQL_AUTH
+ value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.2.1
+image: onap/vfc/vnflcm:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: MYSQL_AUTH
+ value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.2.1
+image: onap/vfc/vnfmgr:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ - name: REDIS_ADDR
+ value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: MYSQL_AUTH
+ value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.2.1
+image: onap/vfc/vnfres:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-activiti:1.2.0
+image: onap/vfc/wfengine-activiti:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-mgrservice:1.2.0
+image: onap/vfc/wfengine-mgrservice:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztesdncdriver:1.2.0
+image: onap/vfc/ztesdncdriver:1.2.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.2.1
+image: onap/vfc/ztevnfmdriver:1.3.0-STAGING-latest
pullPolicy: Always
#Istio sidecar injection policy
dependencies:
- name: common
version: ~4.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~4.x-0
+ repository: '@local'
msbPort: 80
dbServiceName: vfc-db
dbPort: 3306
+ dbUser: root
+ mariadbRootPassword: secretpassword
+ redisServiceName: vfc-redis
+ redisPort: 6379
persistence:
mountPath: /dockerdata-nfs
logstashServiceName: log-ls
logstashPort: 5044
+mariadb-galera:
+ nameOverride: vfc-mariadb
+ service:
+ name: vfc-db
+ portName: vfc-db
+ nfsprovisionerPrefix: vfc
+ persistence:
+ mountSubPath: vfc/data
+ enabled: true
+ disableNfsProvisioner: true
+
+catalog:
+ config:
+ dbPodName: vfc-db
+ dbServiceName: vfc-db
+nslcm:
+ config:
+ dbPodName: vfc-db
+ dbServiceName: vfc-db
# sub-chart configuration
vfc-workflow:
service:
Code Review / oom.git / commitdiff