chart-version: { get_input: chart-version }
namespace: { get_input: namespace }
stable-repo-url: { get_input: stable-repo-url}
- config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "esr": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }'
+ config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }'
aaf:
type: onap.nodes.component
- type: cloudify.relationships.connected_to
target: onap_env
- esr:
- type: onap.nodes.component
- properties:
- tiller-server-ip: { get_input: tiller-server-ip }
- tiller-server-port: { get_input: tiller-server-port }
- component-name: esr
- chart-repo-url: { get_input: chart-repo-url }
- chart-version: { get_input: chart-version }
- namespace: { get_input: namespace }
- stable-repo-url: { get_input: stable-repo-url}
- relationships:
- - type: cloudify.relationships.connected_to
- target: onap_env
-
log:
type: onap.nodes.component
properties:
stable-repo-url: { get_input: stable-repo-url}
relationships:
- type: cloudify.relationships.connected_to
- target: onap_env
\ No newline at end of file
+ target: onap_env
enabled: false
dcaegen2:
enabled: false
-esr:
- enabled: false
log:
enabled: false
message-router:
local/dcaegen2 8.0.0 ONAP DCAE Gen2
local/dgbuilder 8.0.0 D.G. Builder application
local/dmaap 8.0.0 ONAP DMaaP components
-local/esr 8.0.0 ONAP External System Register
local/log 8.0.0 ONAP Logging ElasticStack
local/mariadb-galera 8.0.0 Chart for MariaDB Galera cluster
local/mongo 8.0.0 MongoDB Server
-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
#Update the /etc/exports
NFS_EXP=""
for i in $@; do
- NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+ NFS_EXP="${NFS_EXP}$i(rw,sync,no_root_squash,no_subtree_check) "
done
echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
-#!/bin/bash
+#!/bin/sh
DOCKER_VERSION=18.09.5
systemctl restart docker
apt-mark hold docker-ce
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
docker login -u docker -p docker nexus3.onap.org:10001
-#!/bin/bash
+#!/bin/sh
DOCKER_VERSION=18.09.5
systemctl restart docker
apt-mark hold docker-ce
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
docker login -u docker -p docker nexus3.onap.org:10001
-#!/bin/bash
+#!/bin/sh
apt-get update
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
sudo apt-get install make -y
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes_honolulu:
+
+:orphan:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the Honolulu release.
+
+Summary
+=======
+
+The focus of this release is to strengthen the foundation of OOM installer.
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Honolulu |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2021/04/29 |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+* Kubernetes support for version up to 1.20
+* Helm support for version up to 3.5
+* Limits are set for most of the components
+* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack
+* CMPv2 external issuer implemented which extends Cert-Manager with ability to
+ enroll X.509 certificates from CMPv2 servers
+* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual
+ Stack
+* Bump version of common PostgreSQL and ElasticSearch
+* Move to automatic certificates retrieval for 80% of the components
+* Consistent retrieval of docker images, with ability to configure proxy for
+ the 4 repositories used by ONAP
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+https://jira.onap.org/projects/OOM/versions/11073
+
+major issues solved:
+
+* Better handling of persistence on PostgreSQL
+* Better Ingress templating
+* Better Service templating
+
+**Known Issues**
+
+- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8
+- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell:
+ log:list: Error executing command: Unrecognized configuration
+- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup
+ not complete
+- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor
+ does not work with local DB
+- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding
+ custom cert to SDNC ONAP during deployment
+- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in
+ for value with multi-level replacement
+- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB
+ deployment fails
+- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with
+ CertInitializer template
+- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures
+ seen after bringing down/up control plane & worker node VM instances on which
+ ONAP hosted
+- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb
+ readinessCheck fails for local MariaDB instance
+- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails
+ on local MariaDB instance
+- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for
+ scaleoutUser/restconfUser/odlUser
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
+"compiled" into Helm package. see step 6 in
+:doc:`quickstart guide <oom_quickstart_guide>`.
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :doc:`Project Description <oom_project_description>`
+- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
+- :doc:`Developer Guide <oom_developer_guide>`
+- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+- Hard coded password used for all OOM deployments
+ [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
+
+Workarounds
+-----------
+
+- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
+ Workaround is to generate a password with "short" strenght or pregenerate
+ passwords without single quote in it. Default deployment is using "short"
+ password generation for mariadb.
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+References
+==========
+
+For more information on the ONAP Frankfurt release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
Previous Release Notes
======================
+- :ref:`Honolulu <release_notes_honolulu>`
- :ref:`Guilin <release_notes_guilin>`
- :ref:`Frankfurt <release_notes_frankfurt>`
- :ref:`El Alto <release_notes_elalto>`
Abstract
========
-This document provides the release notes for the Honolulu release.
+This document provides the release notes for the Istanbul release.
Summary
=======
-The focus of this release is to strengthen the foundation of OOM installer.
+
Release Data
============
| **Docker images** | N/A |
| | |
+--------------------------------------+--------------------------------------+
-| **Release designation** | Honolulu |
+| **Release designation** | Istanbul |
| | |
+--------------------------------------+--------------------------------------+
-| **Release date** | 2021/04/29 |
+| **Release date** | |
| | |
+--------------------------------------+--------------------------------------+
New features
------------
-* Kubernetes support for version up to 1.20
-* Helm support for version up to 3.5
-* Limits are set for most of the components
-* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack
-* CMPv2 external issuer implemented which extends Cert-Manager with ability to
- enroll X.509 certificates from CMPv2 servers
-* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual
- Stack
-* Bump version of common PostgreSQL and ElasticSearch
-* Move to automatic certificates retrieval for 80% of the components
-* Consistent retrieval of docker images, with ability to configure proxy for
- the 4 repositories used by ONAP
**Bug fixes**
A list of issues resolved in this release can be found here:
-https://jira.onap.org/projects/OOM/versions/11073
-
-major issues solved:
+https://jira.onap.org/projects/OOM/versions/11074
-* Better handling of persistence on PostgreSQL
-* Better Ingress templating
-* Better Service templating
**Known Issues**
-- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8
-- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell:
- log:list: Error executing command: Unrecognized configuration
-- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup
- not complete
-- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor
- does not work with local DB
-- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding
- custom cert to SDNC ONAP during deployment
-- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in
- for value with multi-level replacement
-- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB
- deployment fails
-- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with
- CertInitializer template
-- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures
- seen after bringing down/up control plane & worker node VM instances on which
- ONAP hosted
-- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb
- readinessCheck fails for local MariaDB instance
-- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails
- on local MariaDB instance
-- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for
- scaleoutUser/restconfUser/odlUser
Deliverables
------------
Known Vulnerabilities
---------------------
-- Hard coded password used for all OOM deployments
- [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
-- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
Workarounds
-----------
-- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
- Workaround is to generate a password with "short" strenght or pregenerate
- passwords without single quote in it. Default deployment is using "short"
- password generation for mariadb.
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_
+ Because of *updateEndpoint* property added to *cmpv2issuer* CRD
+ it is impossible to upgrade platform component from Honolulu to Istanbul
+ release without manual steps. Actions that should be performed:
+
+ #. Update the CRD definition::
+
+ > kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml
+ #. Upgrade the component
+ #. Make sure that *cmpv2issuer* contains correct value for
+ *spec.updateEndpoint*. The value should be: *v1/certificate-update*.
+ If it's not, edit the resource::
+
+ > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap
+
Security Notes
--------------
References
==========
-For more information on the ONAP Frankfurt release, please see:
+For more information on the ONAP Istanbul release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
- name: aaf-cass
version: ~8.x-0
repository: 'file://components/aaf-cass'
+ condition: aaf-authz.enabled
- name: aaf-cm
version: ~8.x-0
repository: 'file://components/aaf-cm'
+ condition: aaf-authz.enabled
- name: aaf-fs
version: ~8.x-0
repository: 'file://components/aaf-fs'
+ condition: aaf-authz.enabled
- name: aaf-gui
version: ~8.x-0
repository: 'file://components/aaf-gui'
+ condition: aaf-authz.enabled
- name: aaf-hello
version: ~8.x-0
repository: 'file://components/aaf-hello'
+ condition: aaf-hello.enabled
- name: aaf-locate
version: ~8.x-0
repository: 'file://components/aaf-locate'
+ condition: aaf-authz.enabled
- name: aaf-oauth
version: ~8.x-0
repository: 'file://components/aaf-oauth'
+ condition: aaf-authz.enabled
- name: aaf-service
version: ~8.x-0
repository: 'file://components/aaf-service'
+ condition: aaf-authz.enabled
- name: aaf-sms
version: ~8.x-0
repository: 'file://components/aaf-sms'
+ condition: aaf-sms.enabled
- name: aaf-sshsm
version: ~8.x-0
repository: 'file://components/aaf-sshsm'
+ condition: aaf-sshsm.enabled
persistence: {}
resources: {}
+
+aaf-authz:
+ enabled: true
+aaf-hello:
+ enabled: false
+aaf-sms:
+ enabled: true
+aaf-sshsm:
+ enabled: false
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-babel
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-graphadmin
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
initContainers:
- command:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the graphadmin deployment
config:
internalPort: 8449
portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-graphadmin
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
name: aai-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 1
memory: 1536Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-modelloader
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
{{- end }}
spec:
hostname: aai-resources
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
+ value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
value: {{ .Values.certInitializer.truststorePassword }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the resources deployment
config:
internalPort: 8447
portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-resources
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: aai-common-aai-auth-mount
secret:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-schema-service
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
cpu: 0.5
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-sparky-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
{{- end }}
spec:
hostname: aai-traversal
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
name: {{ include "common.fullname" . }}-filebeat
resources:
{{ include "common.resources" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
restartPolicy: Always
flavor: small
flavorOverride: small
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
api_list:
- 11
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai-traversal
+ roles:
+ - read
version: ~8.x-0
repository: 'file://components/aai-traversal'
condition: aai-traversal.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: aai
+ roles:
+ - read
.project
.idea/
*.tmproj
+components/
printf "."
sleep 1
done
-echo -e "\nmariadbgalera ready"
+echo
+echo "mariadbgalera ready"
if [ ! -d ${DBINIT_DIR} ]
then
nameOverride: *appc-db
replicaCount: 1
+ mariadbConfiguration: |-
+ [client]
+ port=3306
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ plugin_dir=/opt/bitnami/mariadb/plugin
+
+ [mysqld]
+ lower_case_table_names = 1
+ default_storage_engine=InnoDB
+ basedir=/opt/bitnami/mariadb
+ datadir=/bitnami/mariadb/data
+ plugin_dir=/opt/bitnami/mariadb/plugin
+ tmpdir=/opt/bitnami/mariadb/tmp
+ socket=/opt/bitnami/mariadb/tmp/mysql.sock
+ pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
+ bind_address=0.0.0.0
+
+ ## Character set
+ collation_server=utf8_unicode_ci
+ init_connect='SET NAMES utf8'
+ character_set_server=utf8
+
+ ## MyISAM
+ key_buffer_size=32M
+ myisam_recover_options=FORCE,BACKUP
+
+ ## Safety
+ skip_host_cache
+ skip_name_resolve
+ max_allowed_packet=16M
+ max_connect_errors=1000000
+ sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE
+ sysdate_is_now=1
+
+ ## Binary Logging
+ log_bin=mysql-bin
+ expire_logs_days=14
+ # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
+ sync_binlog=0
+ # Required for Galera
+ binlog_format=row
+
+ ## Caches and Limits
+ tmp_table_size=32M
+ max_heap_table_size=32M
+ # Re-enabling as now works with Maria 10.1.2
+ query_cache_type=1
+ query_cache_limit=4M
+ query_cache_size=256M
+ max_connections=500
+ thread_cache_size=50
+ open_files_limit=65535
+ table_definition_cache=4096
+ table_open_cache=4096
+
+ ## InnoDB
+ innodb=FORCE
+ innodb_strict_mode=1
+ # Mandatory per https://github.com/codership/documentation/issues/25
+ innodb_autoinc_lock_mode=2
+ # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+ innodb_doublewrite=1
+ innodb_flush_method=O_DIRECT
+ innodb_log_files_in_group=2
+ innodb_log_file_size=128M
+ innodb_flush_log_at_trx_commit=1
+ innodb_file_per_table=1
+ # 80% Memory is default reco.
+ # Need to re-evaluate when DB size grows
+ innodb_buffer_pool_size=2G
+ innodb_file_format=Barracuda
+
+ ## Logging
+ log_error=/opt/bitnami/mariadb/logs/mysqld.log
+ slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
+ log_queries_not_using_indexes=1
+ slow_query_log=1
+
+ ## SSL
+ ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
+ # ssl_ca=/certs/ca.pem
+ # ssl_cert=/certs/server-cert.pem
+ # ssl_key=/certs/server-key.pem
+
+ [galera]
+ wsrep_on=ON
+ wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
+ wsrep_sst_method=mariabackup
+ wsrep_slave_threads=4
+ wsrep_cluster_address=gcomm://
+ wsrep_cluster_name=galera
+ wsrep_sst_auth="root:"
+ # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
+ innodb_flush_log_at_trx_commit=2
+ # MYISAM REPLICATION SUPPORT #
+ wsrep_replicate_myisam=ON
+ binlog_format=row
+ default_storage_engine=InnoDB
+ innodb_autoinc_lock_mode=2
+ transaction-isolation=READ-COMMITTED
+ wsrep_causal_reads=1
+ wsrep_sync_wait=7
+
+ [mariadb]
+ plugin_load_add=auth_pam
+
+ ## Data-at-Rest Encryption
+ ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
+ # plugin_load_add=file_key_management
+ # file_key_management_filename=/encryption/keyfile.enc
+ # file_key_management_filekey=FILE:/encryption/keyfile.key
+ # file_key_management_encryption_algorithm=AES_CTR
+ # encrypt_binlog=ON
+ # encrypt_tmp_files=ON
+
+ ## InnoDB/XtraDB Encryption
+ # innodb_encrypt_tables=ON
+ # innodb_encrypt_temporary_tables=ON
+ # innodb_encrypt_log=ON
+ # innodb_encryption_threads=4
+ # innodb_encryption_rotate_key_age=1
+
+ ## Aria Encryption
+ # aria_encrypt_tables=ON
+ # encrypt_tmp_disk_tables=ON
+
dgbuilder:
nameOverride: appc-dgbuilder
certInitializer:
.project
.idea/
*.tmproj
+components/
blueprintprocessor.k8s.plugin.username=unused
blueprintprocessor.k8s.plugin.password=unused
blueprintprocessor.k8s.plugin.url=http://multicloud-k8s:9015/
+
+#Workflow audit store configuration
+blueprintsprocessor.workflow.self-service-api.audit.storeEnable={{ .Values.workflow.storeEnabled }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.1.4
+image: onap/ccsdk-blueprintsprocessor:1.1.5
pullPolicy: Always
# flag to enable debugging - application support required
nameOverride: cds-blueprints-processor
roles:
- read
+
+# workflow store flag
+workflow:
+ storeEnabled: false
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.metrics.serviceMonitor.enabled }}
+ - name: PROMETHEUS_METRICS_ENABLED
+ value: {{ .Values.metrics.serviceMonitor.enabled | quote }}
+ - name: PROMETHEUS_PORT
+ value: {{ .Values.service.metrics.internalPort | quote }}
+ {{ end }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
{{- end}}
name: {{ .Values.service.grpc.portName | default "grpc" }}
+ {{- if .Values.metrics.serviceMonitor.enabled }}
+ - port: {{ .Values.service.metrics.externalPort }}
+ targetPort: {{ .Values.service.metrics.internalPort }}
+ {{- if eq .Values.service.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.metrics.portName | default "metrics" }}
+ {{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
\ No newline at end of file
-# Copyright © 2018 Amdocs, Bell Canada
+{{/*
+# Copyright © 2021 Bitnami, Orange, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-description: ONAP External System Register GUI
-name: esr-server
-version: 8.0.0
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.1.4
+image: onap/ccsdk-commandexecutor:1.1.5
pullPolicy: Always
# application configuration
portName: command-executor-grpc
internalPort: 50051
externalPort: 50051
+ metrics:
+ portName: command-executor-metrics
+ internalPort: 10005
+ externalPort: 10005
persistence:
enabled: true
nameOverride: cds-command-executor
roles:
- read
+
+metrics:
+ serviceMonitor:
+ enabled: false
+ port: command-executor-metrics
+ path: /actuator/prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ .Release.Name }}'
+ heritage: '{{ .Release.Service }}'
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.1.4
+image: onap/ccsdk-py-executor:1.1.5
pullPolicy: Always
# default number of instances
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.1.4
+image: onap/ccsdk-sdclistener:1.1.5
name: sdc-listener
pullPolicy: Always
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.1.4
+image: onap/ccsdk-cds-ui-server:1.1.5
pullPolicy: Always
# application configuration
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: 'file://../serviceAccount'
#!/bin/bash
+
set -e
# first arg is `-f` or `--some-option`
if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
\! -user cassandra -exec chown cassandra '{}' +
- exec gosu cassandra "$BASH_SOURCE" "$@"
+ exec gosu cassandra "$0" "$@"
fi
_ip_address() {
}
# "sed -i", but without "mv" (which doesn't work on a bind-mounted file, for example)
-_sed-in-place() {
+_sed_in_place() {
local filename="$1"; shift
local tempFile
tempFile="$(mktemp)"
fi
: ${CASSANDRA_SEEDS:="$CASSANDRA_BROADCAST_ADDRESS"}
- _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+ _sed_in_place "$CASSANDRA_CONFIG/cassandra.yaml" \
-r 's/(- seeds:).*/\1 "'"$CASSANDRA_SEEDS"'"/'
for yaml in \
start_rpc \
authenticator \
; do
- var="CASSANDRA_${yaml^^}"
- val="${!var}"
+ var="CASSANDRA_$(echo $yaml | tr '[:lower:]' '[:upper:]')"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
- _sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+ _sed_in_place "$CASSANDRA_CONFIG/cassandra.yaml" \
-r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
fi
done
for rackdc in dc rack; do
- var="CASSANDRA_${rackdc^^}"
- val="${!var}"
+ var="CASSANDRA_$(echo $rackdc | tr '[:lower:]' '[:upper:]')"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
- _sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
+ _sed_in_place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
-r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
fi
done
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
hostNetwork: {{ .Values.hostNetwork }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }}
- name: CASSANDRA_AUTHENTICATOR
value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }}
- {{- if include "common.onServiceMesh" . }}
- - name: CASSANDRA_LISTEN_ADDRESS
- value: "127.0.0.1"
- - name: CASSANDRA_BROADCAST_ADDRESS
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- {{- end }}
- name: POD_IP
valueFrom:
fieldRef:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- name: localtime
hostPath:
- name: system_traces
- name: system_auth
- name: system_distributed
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cassandra
+ roles:
+ - nothing
ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
mkdir -p $WORK_DIR
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ ${f: -3} = ".sh" ]; then
+ if echo $f | grep '\.sh$' >/dev/null; then
continue
fi
- if [ ${f: -4} = ".b64" ]
+ if echo $f | grep '\.b64$' >/dev/null; then
then
base64 -d $f > $WORK_DIR/`basename $f .b64`
else
done
for f in $MORE_CERTS_DIR/*; do
- if [ ${f: -4} == ".pem" ]
- then
+ if echo $f | grep '\.pem$' >/dev/null; then
cp $f $WORK_DIR/.
fi
done
# Import Custom Certificates
for f in $WORK_DIR/*; do
- if [ ${f: -4} = ".pem" ]; then
+ if echo $f | grep '\.pem$' >/dev/null; then
echo "importing certificate: $f"
keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
if [ $? != 0 ]; then
fi
fi
done
+
+# Import certificates to Linux SSL Truststore
+cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
+cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
+update-ca-certificates
+if [ $? != 0 ]
+ then
+ echo "failed importing certificates"
+ exit 1
+ else
+ cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
+fi
\ No newline at end of file
- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
name: updated-truststore
subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+ name: updated-truststore
+ subPath: ca-certificates.crt
{{- end -}}
{{- end -}}
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
+ - key: {{ .key }}
operator: In
values:
{{- range .values }}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
+ - key: {{ .key }}
operator: In
values:
{{- range .values }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{/*
+ This template generates a Kubernetes init containers common template to enable applications to provision
+ DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF).
+ DMaap Bus Controller endpoints are used to provision:
+ - Authorized topic on MR, and to create and grant permission for publishers and subscribers.
+ - Feed on DR, with associated user authentication.
+
+ common.dmaap.provisioning.initContainer:
+ This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router
+ microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics.
+ If the resource creation is successful via script response is logged back at particular location with
+ appropriate naming convention.
+
+ More details can be found at :
+ (https://wiki.onap.org/pages/viewpage.action?pageId=103417564)
+
+ The template directly references data in .Values, and indirectly (through its
+ use of templates from the ONAP "common" collection) references data in .Release.
+
+ Parameter for _dmaapProvisioning to be defined in values.yaml
+ # DataRouter Feed Configuration
+ drFeedConfig:
+ - feedName: bulk_pm_feed
+ owner: dcaecm
+ feedVersion: 0.0
+ asprClassification: unclassified
+ feedDescription: DFC Feed Creation
+
+ # DataRouter Publisher Configuration
+ drPubConfig:
+ - feedName: bulk_pm_feed
+ dcaeLocationName: loc00
+
+ # DataRouter Subscriber Configuration
+ drSubConfig:
+ - feedName: bulk_pm_feed
+ decompress: True
+ dcaeLocationName: loc00
+ privilegedSubscriber: True
+ deliveryURL: https://dcae-pm-mapper:8443/delivery
+
+ # MessageRouter Topic, Publisher Configuration
+ mrTopicsConfig:
+ - topicName: PERFORMANCE_MEASUREMENTS
+ topicDescription: Description about Topic
+ owner: dcaecm
+ tnxEnabled: false
+ clients:
+ - dcaeLocationName: san-francisco
+ clientRole: org.onap.dcae.pmPublisher
+ action:
+ - pub
+ - view
+
+ # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics
+ volumes:
+ - name: feeds-config
+ path: /opt/app/config/feeds
+ - name: drpub-config
+ path: /opt/app/config/dr_pubs
+ - name: drsub-config
+ path: /opt/app/config/dr_subs
+ - name: topics-config
+ path: /opt/app/config/topics
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{- include "common.dmaap.provisioning.initContainer" . | nindent XX }}
+ volumes:
+ {{- include "common.dmaap.provisioning._volumes" . | nindent XX -}}
+*/}}
+
+{{- define "common.dmaap.provisioning._volumeMounts" -}}
+{{- $dot := default . .dot -}}
+- mountPath: /opt/app/config/cache
+ name: dbc-response-cache
+{{- range $name, $volume := $dot.Values.volumes }}
+- name: {{ $volume.name }}
+ mountPath: {{ $volume.path }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.dmaap.provisioning._volumes" -}}
+{{- $dot := default . .dot -}}
+- name: dbc-response-cache
+ emptyDir: {}
+{{- range $name, $volume := $dot.Values.volumes }}
+- name: {{ $volume.name }}
+ configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" $dot }}-{{ printf "%s" $volume.name }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.dmaap.provisioning.initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}}
+{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}}
+{{- if or $drFeedConfig $mrTopicsConfig -}}
+- name: {{ include "common.name" $dot }}-init-dmaap-provisioning
+ image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ env:
+ - name: RESP_CACHE
+ value: /opt/app/config/cache
+ - name: REQUESTID
+ value: "{{ include "common.name" $dot }}-dmaap-provisioning"
+ {{- range $cred := $dot.Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
+ {{- end }}
+ volumeMounts:
+ {{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
+ resources: {{ include "common.resources" $dot | nindent 1 }}
+- name: {{ include "common.name" $dot }}-init-merge-config
+ image: {{ include "repositoryGenerator.image.envsubst" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ if [ -d /opt/app/config/cache ]; then
+ cd /opt/app/config/cache
+ for file in $(ls feed*); do
+ NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/')
+ export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ for file in $(ls drpub*); do
+ NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/')
+ export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ for file in $(ls drsub*); do
+ NUM=$(echo "$file" | sed 's/drsubConfig-\([0-9]\+\)-resp.json/\1/')
+ export DR_FILES_SUBSCRIBER_ID_"$NUM"="$(grep -o '"subId":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ for file in $(ls topics*); do
+ NUM=$(echo "$file" | sed 's/topicsConfig-\([0-9]\+\)-resp.json/\1/')
+ export MR_FILES_PUBLISHER_CLIENT_ID_"$NUM"="$(grep -o '"mrClientId":"[^"]*' "$file" | cut -d '"' -f4)"
+ done
+ else
+ echo "No Response logged for Dmaap BusController Http POST Request..!"
+ fi
+ cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ {{- range $cred := $dot.Values.credentials }}
+ - name: {{ $cred.name }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/config/cache
+ name: dbc-response-cache
+ - mountPath: /config-input
+ name: app-config-input
+ - mountPath: /config
+ name: app-config
+ resources:
+ limits:
+ cpu: 200m
+ memory: 250Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+{{- end -}}
+{{- end -}}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{/*
Resolve the name of a chart's service.
{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
+{{- if $port.l4_protocol }}
+ protocol: {{ $port.l4_protocol }}
+{{- else }}
+ protocol: TCP
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
{{- else }}
{{- else }}
- port: {{ default $port.port $port.plain_port }}
targetPort: {{ $port.name }}
+{{- if $port.plain_port_l4_protocol }}
+ protocol: {{ $port.plain_port_l4_protocol }}
+{{- else }}
+ protocol: {{ default "TCP" $port.l4_protocol }}
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%s-%s" $port.port_protocol $port.name }}
{{- else }}
{{- if (eq $serviceType "ClusterIP") }}
- port: {{ $port.plain_port }}
targetPort: {{ $port.name }}-plain
+{{- if $port.plain_l4_port_protocol }}
+ protocol: {{ $port.plain_port_l4_protocol }}
+{{- else }}
+ protocol: {{ default "TCP" $port.l4_protocol }}
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%s-%s" $port.port_protocol $port.name }}
{{- else }}
--- /dev/null
+{{/*
+# Copyright © 2021 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ Resolve the name of a chart's serviceMonitor.
+
+ The default will be the chart name (or $dot.Values.nameOverride if set).
+ And the use of .Values.metrics.serviceMonitor.name overrides all.
+
+ - .Values.metrics.serviceMonitor.name: override default serviceMonitor (ie. chart) name
+ Example values file addition:
+ metrics:
+ serviceMonitor:
+ enabled: true
+ port: blueprints-processor-http
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /metrics
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # interval: 60s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
+*/}}
+{{/*
+ Expand the serviceMonitor name for a chart.
+*/}}
+{{- define "common.serviceMonitorName" -}}
+ {{- $name := default .Chart.Name .Values.nameOverride -}}
+ {{- default $name .Values.metrics.serviceMonitor.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Define the metadata of serviceMonitor
+ The function takes from one to four arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : a string which will be added at the end of the name (with a '-').
+ - .annotations: the annotations to add
+ - .labels : labels to add
+ Usage example:
+ {{ include "common.serviceMonitorMetadata" ( dict "suffix" "myService" "dot" .) }}
+ {{ include "common.serviceMonitorMetadata" ( dict "annotations" .Values.metrics.serviceMonitor.annotation "dot" .) }}
+*/}}
+
+{{- define "common.serviceMonitorMetadata" -}}
+{{- $dot := default . .dot -}}
+{{- $annotations := default "" .annotations -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $annotations -}}
+annotations:
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+name: {{ include "common.serviceMonitorName" $dot }}
+{{- if $dot.Values.metrics.serviceMonitor.namespace }}
+namespace: {{ $dot.Values.metrics.serviceMonitor.namespace }}
+{{- else }}
+namespace: {{ include "common.namespace" $dot }}
+{{- end }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+{{- end -}}
+
+{{/*
+ Create service monitor template
+*/}}
+{{- define "common.serviceMonitor" -}}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+{{- include "common.serviceMonitorMetadata" $dot | nindent 2 }}
+spec:
+ endpoints:
+ - path: {{ default "/metrics" $dot.Values.metrics.serviceMonitor.path }}
+ {{- if $dot.Values.metrics.serviceMonitor.port }}
+ port: {{ $dot.Values.metrics.serviceMonitor.port }}
+ {{- else if $dot.Values.metrics.serviceMonitor.targetPort }}
+ targetPort: {{ $dot.Values.metrics.serviceMonitor.targetPort }}
+ {{- else }}
+ port: metrics
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.basicAuth.enabled }}
+ basicAuth:
+ username:
+ key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretUserKey }}
+ name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }}
+ password:
+ key: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretPasswordKey }}
+ name: {{ $dot.Values.metrics.serviceMonitor.basicAuth.externalSecretName }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $dot.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $dot.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.relabelings "context" $dot) | nindent 6 }}
+ {{- end }}
+ {{- if $dot.Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.metricRelabelings "context" $dot) | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ include "common.namespace" $dot }}
+ selector:
+ {{- if $dot.Values.metrics.serviceMonitor.selector }}
+ matchLabels: {{- include "common.tplValue" ( dict "value" $dot.Values.metrics.serviceMonitor.selector "context" $dot) | nindent 6 }}
+ {{- else }}
+ matchLabels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 6 }}
+ {{- end }}
+{{- end -}}
aaf_add_config: >
cd {{ .Values.credsPath }};
mkdir -p certs;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
cp {{ .Values.fqi_namespace }}.key certs/key.pem;
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
{{/*
-# Copyright © 2020 Bitnami, Orange
+# Copyright © 2021 Bitnami, Orange, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "common.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ include "common.namespace" . }}
- {{- end }}
- labels: {{- include "common.labels" . | nindent 4 }}
- {{- range $key, $value := .Values.metrics.serviceMonitor.selector }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- selector:
- matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
- endpoints:
- - port: metrics
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabelings }}
- relabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
- metricRelabelings: {{- include "common.tplValue" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
{{- if .Values.affinity }}
- affinity: {{- include "common.tplvalues" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ affinity: {{- include "common.tplValue" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
- nodeSelector: {{- include "common.tplvalues" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ nodeSelector: {{- include "common.tplValue" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
- tolerations: {{- include "common.tplvalues" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
{{- end }}
volumes:
- name: previous-boot
##
type: ClusterIP
headless: {}
+ internalPort: &dbPort 3306
ports:
- name: mysql
- port: 3306
+ port: *dbPort
headlessPorts:
- name: galera
port: 4567
#!/bin/bash
+
{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
set -e
while read DB ; do
- USER_VAR="MYSQL_USER_${DB^^}"
- PASS_VAR="MYSQL_PASSWORD_${DB^^}"
- USER=${!USER_VAR}
- PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+ USER_VAR="MYSQL_USER_$(echo $DB | tr '[:lower:]' '[:upper:]')"
+ PASS_VAR="MYSQL_PASSWORD_$(echo $DB | tr '[:lower:]' '[:upper:]')"
+{{/*
+ # USER=${!USER_VAR}
+ # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+ # eval replacement of the bashism equivalents above might present a security issue here
+ # since it reads content from DB values filled by helm at the end of the script.
+ # These possible values has to be constrainted and/or limited by helm for a safe use of eval.
+*/}}
+ eval USER=\$$USER_VAR
+ PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g")
MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} )
echo "Creating database ${DB} and user ${USER}..."
/db_config/db_cmd.sh{{ end }}
env:
- name: DB_HOST
- value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
+ value: {{ include "common.mariadbPort" . | quote }}
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - name: mariadb-conf
+ - name: mariadb-init
mountPath: /db_init/
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- - name: mariadb-init
+ - name: mariadb-conf
mountPath: /db_config/
{{- end }}
resources:
hostPath:
path: /etc/localtime
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- - name: mariadb-init
+ - name: mariadb-conf
configMap:
{{- if .Values.dbScriptConfigMap }}
name: {{ tpl .Values.dbScriptConfigMap . }}
{{- end }}
defaultMode: 0755
{{- end }}
- - name: mariadb-conf
+ - name: mariadb-init
configMap:
name: {{ include "mariadbInit.configMap" . }}
defaultMode: 0755
release: {{ include "common.release" . }}
spec:
{{ include "common.podSecurityContext" . | indent 6 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
release: {{ include "common.release" $dot }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" $dot }}-docker-registry-key"
initContainers:
- command:
- sh
{{/*
# Copyright © 2017 Amdocs, Bell Canada
-# Copyright © 2021 AT&T
+# Copyright © 2021 AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "googleK8sRepository") .) }}
{{- end -}}
+{{/*
+ Resolve the name of the GithubContainer registry
+ - .Values.global.githubContainerRegistry : default image githubContainerRegistry for all dockerHub images
+ - .Values.githubContainerRegistryOverride : override global githubContainerRegistry on a per chart basis
+*/}}
+{{- define "repositoryGenerator.githubContainerRegistry" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "githubContainerRegistry") .) }}
+{{- end -}}
+
{{- define "repositoryGenerator.image._helper" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.repositoryGenerator .initRoot -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.dbcClient" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }}
+{{- end -}}
+
{{/*
Resolve the image repository secret token.
The value for .Values.global.repositoryCred is used if provided:
{{- $repoCreds = printf "%s, %s" $repoCreds $gcrRepoCreds }}
{{- end }}
{{- end }}
+ {{- if $subchartDot.Values.global.githubContainerRegistryCred }}
+ {{- $ghcrRepo := $subchartDot.Values.global.githubContainerRegistry }}
+ {{- $ghcrCred := $subchartDot.Values.global.githubContainerRegistryCred }}
+ {{- $ghcrMail := default "@" $ghcrCred.mail }}
+ {{- $ghcrAuth := printf "%s:%s" $ghcrCred.user $ghcrCred.password | b64enc }}
+ {{- $ghcrRepoCreds := printf "\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $ghcrRepo $ghcrCred.user $ghcrCred.password $ghcrMail $ghcrAuth }}
+ {{- if eq "" $repoCreds }}
+ {{- $repoCreds = $ghcrRepoCreds }}
+ {{- else }}
+ {{- $repoCreds = printf "%s, %s" $repoCreds $ghcrRepoCreds }}
+ {{- end }}
+ {{- end }}
{{- printf "{%s}" $repoCreds | b64enc -}}
{{- end -}}
# Copyright © 2020 Orange
# Copyright © 2021 Nokia, AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dockerHubRepository: docker.io
elasticRepository: docker.elastic.co
googleK8sRepository: k8s.gcr.io
+ githubContainerRegistry: ghcr.io
# common global images
busyboxImage: busybox:1.32
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+ dbcClientImage: onap/dmaap/dbc-client:2.0.7
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
postgresImage: dockerHubRepository
readinessImage: repository
dcaePolicySyncImage: repository
+ dbcClientImage: repository
.project
.idea/
*.tmproj
+.vscode/
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
apiVersion: v1
-description: ONAP External System Register GUI
-name: esr-gui
+appVersion: "1.0"
+description: ONAP timescaledb
+name: timescaledb
version: 8.0.0
-# Copyright (C) 2020 Wipro Limited.
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
dependencies:
- name: common
version: ~8.x-0
repository: '@local'
- - name: certInitializer
+ - name: serviceAccount
version: ~8.x-0
repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
- repository: '@local'
+ repository: 'file://../repositoryGenerator'
-{{ if .Values.global.cmpv2Enabled }}
+#!/bin/bash
# ============LICENSE_START=======================================================
-# Copyright (c) 2020 Nokia
+# Copyright (c) 2021 Bell Canada.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- prometheus.io/port: "8443"
- prometheus.io/scheme: https
- prometheus.io/scrape: "true"
- labels:
- control-plane: controller-manager
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.ports.name }}
- port: {{ .Values.service.ports.port }}
- targetPort: {{ .Values.service.ports.targetPort }}
- selector:
- control-plane: controller-manager
-{{ end }}
+set -e
+set echo on;
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER $DB_USERNAME WITH PASSWORD '$DB_PASSWORD';
+ CREATE SCHEMA $POSTGRES_DB;
+ GRANT ALL PRIVILEGES ON SCHEMA $POSTGRES_DB TO $DB_USERNAME;
+ CREATE EXTENSION IF NOT EXISTS timescaledb WITH SCHEMA $POSTGRES_DB;
+EOSQL
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.release" . }}-cmso-filebeat-configmap
+ name: {{ include "common.fullname" . }}-init
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/log/filebeat/*").AsConfig . | indent 2 }}
+ init-schema.sh: |-
+{{ .Files.Get "resources/init/init-schema.sh" | indent 4}}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.PV" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ exec:
+ command: ["psql", "-w", "-U", "{{ .Values.config.pgRootUserName }}", "-c", "select 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 60
+ readinessProbe:
+ exec:
+ command: ["psql", "-w", "-U", "{{ .Values.config.pgRootUserName }}", "-c", "select 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 14 }}
+ - name: POSTGRES_DB
+ value: {{ .Values.config.pgDatabase }}
+ - name: POSTGRES_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "login") | indent 14 }}
+ - name: POSTGRES_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "password") | indent 14 }}
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-init
+ mountPath: /docker-entrypoint-initdb.d
+ - name: {{ include "common.fullname" . }}
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-init
+ configMap:
+ name: {{ include "common.fullname" . }}-init
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+ volumeClaimTemplates:
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
+{{- end }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+replicaCount: 1
+global:
+ persistence: {}
+
+#################################################################
+# Secrets.
+##############################################################
+image: timescale/timescaledb:2.1.1-pg13
+
+pullPolicy: Always
+containerPorts: 5432
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ nameOverride: timescaledb
+ roles:
+ - read
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 0.5
+ memory: 256Mi
+ requests:
+ cpu: 20m
+ memory: 256Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+service:
+ type: ClusterIP
+ name: timescaledb
+ ports:
+ - name: tcp-timescaledb
+ port: 5432
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+
+config:
+ pgUserName: timescaledb
+ pgRootUserName: postgres
+ pgDatabase: timescaledb
+
+secrets:
+ - uid: root-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ login: '{{ .Values.config.pgRootUserName }}'
+ password: '{{ .Values.config.pgRootpassword }}'
+ - uid: user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+
for line in `parse_yaml $filename`
do
#skiping commented line
- if [ "${line:0:1}" != '#' ]; then
+ if echo "$line" | grep -v '^#' >/dev/null; then
#find all image subtag inside converted values.yaml file's lines
if echo $line | grep -q $IMAGE_TEXT ; then
#find imageName inside line
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul-server
+ roles:
+ - read
- name: consul-server
version: ~8.x-0
repository: 'file://components/consul-server'
- condition: cds-command-executor.enabled
+ condition: consul-server.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /consul/certs
name: consul-agent-certs-config
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: consul-agent-config-dir
emptyDir: {}
fsGroup: 1000
runAsUser: 100
runAsGroup: 1000
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: consul
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: '@local'
}
configureEjbca() {
+ ejbca.sh ca init \
+ --caname ManagementCA \
+ --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
+ --tokenType soft \
+ --keyspec 3072 \
+ --keytype RSA \
+ -v 3652 \
+ --policy null \
+ -s SHA256WithRSA \
+ -type "x509"
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA'
+ ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
#Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
#Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
#ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
+ caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
+ ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
ejbca.sh config cmp dumpalias --alias cmp
ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+ #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+ ejbca.sh roles addrole "Certificate Update Admin"
+ ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+ ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}"
}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
- name: {{ include "common.name" . }}-db-readiness
command:
env:
- name: INITIAL_ADMIN
value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: NO_CREATE_CA
+ value: "true"
- name: DATABASE_JDBC_URL
value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
- name: DATABASE_USER
#!/bin/bash -e
-#
+
# Copyright 2020 Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
deploy() {
local ingress_ip=$(ingress_controller_ip)
- pushd "$SPATH/bind9dns" > /dev/null
+ initdir = $(pwd)
+ cd $SPATH/bind9dns
if [ $# -eq 0 ]; then
local cl_domain="simpledemo.onap.org"
else
shift
fi
helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- popd > /dev/null
+ cd $initdir
target_machine_notice_info
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
usage
-elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
+elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
usage
elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then
target_machine_notice_info
if [ -n "$NOT_AVAILABLE_IMAGES" ]; then
echo "[ERROR] Only release images are allowed in helm charts."
echo "[ERROR] Images not found in release repo:"
- echo -e "$NOT_AVAILABLE_IMAGES"
+ printf "%b$NOT_AVAILABLE_IMAGES\n"
exit 1
fi
-exit 0
\ No newline at end of file
+exit 0
--- /dev/null
+#!/bin/sh -x
+
+# Copyright (c) 2021 AT&T. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Pre-requisite
+# 1. Chart packages available under local directory provided as input/argument
+# 2. helm client installed with push plugin
+# 3. ONAP chartmuseum service deployed
+
+usage()
+{
+ echo "Chart Base directory must be provided as input!!"
+ echo "Usage: registry-initialize.sh -d chartdirectory \
+<-n namespace override> <-r helmrelease override>"
+ exit 1
+}
+
+if [ $# -eq 0 ]; then
+ usage
+fi
+
+# defaults
+NAMESPACE=onap
+RLS_NAME=onap
+LOGIN=""
+PASSWORD=""
+
+while getopts ":d:n:r:" opt; do
+ case $opt in
+ d) BASEDIR="$OPTARG"
+ ;;
+ n) NAMESPACE="$OPTARG"
+ ;;
+ r) RLS_NAME="$OPTARG"
+ ;;
+ \?) echo "Invalid option -$OPTARG" >&2
+ usage
+ ;;
+ esac
+done
+
+if [ -z "$BASEDIR" ]; then
+ exit "Chart base directory provided $BASEDIR is empty"
+fi
+
+if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then
+ echo "$BASEDIR valid"
+else
+ exit "No chart package on $BASEDIR provided"
+fi
+
+LOGIN=$(kubectl -n "$NAMESPACE" get secret \
+ "${RLS_NAME}-chartmuseum-registrycred" \
+ -o jsonpath='{.data.login}' | base64 -d)
+
+PASSWORD=$(kubectl -n "$NAMESPACE" get secret \
+ "${RLS_NAME}-chartmuseum-registrycred" \
+ -o jsonpath='{.data.password}' | base64 -d)
+
+if [ -z "$LOGIN" ] || [ -z "$PASSWORD" ]; then
+ echo "Login/Password credential for target registry cannot be retrieved"
+ exit 1
+fi
+
+# Expose cluster port via port-forwarding
+kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 &
+if [ $? -ne 0 ]; then
+ echo "Error in portforwarding; registry cannot be added!!"
+ exit 1
+fi
+
+sleep 5
+
+# Add chartmuseum repo as helm repo
+# Credentials should match config defined in
+# oom\kubernetes\platform\components\chartmuseum\values.yaml
+helm repo add k8s-registry http://127.0.0.1:27017 --username "$LOGIN" \
+ --password "$PASSWORD"
+if [ $? -ne 0 ]; then
+ echo "registry cannot be added!!"
+ pkill -f "port-forward service/chart-museum"
+ exit 1
+fi
+
+# Initial scope is pushing only dcae charts
+# can be expanded to include all onap charts if required
+for file in $BASEDIR/dcae*tgz; do
+ # use helm plugin to push charts
+ helm push $file k8s-registry
+ if [ $? -eq 0 ]; then
+ echo "$file uploaded to registry successfully"
+ else
+ echo "registry upload failed!!"
+ pkill -f "port-forward service/chart-museum"
+ helm repo remove k8s-registry
+ exit 1
+ fi
+done
+
+echo "All Helm charts successfully uploaded into internal repository"
+
+# Remove the port-forwarding process
+pkill -f "port-forward service/chart-museum"
+
+# Remove helm registry from local
+helm repo remove k8s-registry
.project
.idea/
*.tmproj
-components/
\ No newline at end of file
+components/
-# Copyright (C) 2021 Pantheon.tech
+# Copyright (C) 2021 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: Configuration Persistance Service (CPS)
+description: ONAP Configuration Persistance Service (CPS)
name: cps
version: 8.0.0
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../../../dist
+OUTPUT_DIR := $(ROOT_DIR)/../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+HELM_REPO := local
+
EXCLUDES :=
HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
-ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
-else
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
-endif
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 3
clean:
@rm -f */requirements.lock
ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
-1) Cps and xNF - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file
+1) cps-core - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file
# Copyright © 2020 Samsung Electronics
+# Copyright (c) 2021 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../../dist
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES := dist resources templates charts docker
+HELM_REPO := local
+
+EXCLUDES :=
HELM_BIN := helm
+# Helm v2 and helm v3 uses different version format so we first try in helm v3 format
+# and if it fails then we fallback to helm v2 one
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}" 2>/dev/null)
+ifneq "$(findstring v3,$(HELM_VER))" "v3"
+ HELM_VER := $(shell $(HELM_BIN) version -c --template "{{.Client.SemVer}}")
+endif
+
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-all: $(HELM_CHARTS)
+all: $(HELM_CHARTS) helm-repo-update
$(HELM_CHARTS):
@echo "\n[$@]"
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
-ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
-else
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
-endif
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME $(HELM_REPO); fi
+ @sleep 3
clean:
@rm -f */requirements.lock
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @$(HELM_BIN) repo update
+endif
+
%:
@:
.project
.idea/
*.tmproj
+components/
\ No newline at end of file
-# Copyright © 2018 AT&T
+# Copyright (C) Pantheon.tech, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: Chart for Change Management Service Orchestrator (CMSO)
-name: oof-cmso
+description: ONAP Configuration Persistance Service (CPS) - Core
+name: cps-core
version: 8.0.0
-# Copyright (C) 2020 Wipro Limited.
+# Copyright (C) 2021 Pantheon.tech, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~8.x-0
repository: '@local'
- - name: certInitializer
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
version: ~8.x-0
repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
{{/*
- # Copyright (C) 2021 Pantheon.tech
- # Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
- # Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
+# Copyright (C) 2021 Pantheon.tech
+# Modifications Copyright (C) 2020 Bell Canada.
+# Modifications Copyright (C) 2021 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
----
+
server:
port: 8080
<!--
============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
+ Copyright (C) 2020 Bell Canada.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
+
http://www.apache.org/licenses/LICENSE-2.0
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
{{/*
# Copyright (C) 2021 Pantheon.tech, Orange
# Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: init-temp
emptyDir: {}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright (C) 2021 Pantheon.tech
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright (C) 2021 Pantheon.tech, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
+{{ include "common.service" . }}
--- /dev/null
+# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets.
+#################################################################
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+
+image: onap/cps-and-nf-proxy:1.0.1
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: cps-core
+ ports:
+ - name: &port http
+ port: *svc_port
+
+pullPolicy: Always
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cps-core"
+ path: "/"
+ name: "cps-core"
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: cps-core
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+config:
+
+ # Set it for pre loading xnfdata, else set to null
+ liquibaseLabels: xnf-data-preload
+
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: cpsuser
+ spring:
+ profile: helm
+ #appUserPassword:
+
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format insead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+logging:
+ level: INFO
+ path: /tmp
+
+#################################################################
+# Postgres overriding defaults in the postgres
+#################################################################
+postgres:
+ nameOverride: &postgresName cps-postgres
+ service:
+ name: *postgresName
+ name2: cps-pg-primary
+ name3: cps-pg-replica
+ container:
+ name:
+ primary: cps-pg-primary
+ replica: cps-pg-replica
+ persistence:
+ mountSubPath: cps/data
+ mountInitPath: cps
+ config:
+ pgUserName: cps
+ pgDatabase: cpsdb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - cps-postgres
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
\ No newline at end of file
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
apiVersion: v1
-description: ONAP External System Register
-name: esr
+description: ONAP Configuration Persistance Service (CPS) - Temporal
+name: cps-temporal
version: 8.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: timescaledb
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+spring:
+ datasource:
+ url: jdbc:postgresql://{{ .Values.timescaledb.service.name }}:5432/{{ .Values.timescaledb.config.pgDatabase }}
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ kafka:
+ bootstrap-servers: [{{ .Values.config.kafka.service }}:{{ .Values.config.kafka.port }}]
+ security:
+ protocol: {{ .Values.config.kafka.protocol }}
+ consumer:
+ group-id: {{ .Values.config.kafka.consumerGroupId }}
+
+security:
+ auth:
+ username: ${APP_USERNAME}
+ password: ${APP_PASSWORD}
+
+app:
+ listener:
+ data-updated:
+ topic: {{ .Values.config.kafka.listenerTopic }}
+
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
+# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <!-- Logger for cps classes -->
+ <logger name="org.onap.cps" level="info"/>
+
+ <!-- Logger for sql statements. Set to info to disable, debug to enable -->
+ <logger name="org.hibernate.SQL" level="info"/>
+
+ <!-- Logger for sql bindings. Set to info to disable, to trace to enable -->
+ <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="info"/>
+
+ <!-- Logger for hibernate statistics. Set to warn to disable, to info to enable -->
+ <logger name="org.hibernate.engine.internal.StatisticalLoggingSessionEventListener" level="warn"/>
+
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
\ No newline at end of file
{{/*
-# Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+
# http://www.apache.org/licenses/LICENSE-2.0
-#
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
*/}}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: APP_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: APP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.config.spring.profile }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /app/resources/application-helm.yml
+ subPath: application-helm.yml
+ name: init-data
+ - mountPath: /app/resources/logback.xml
+ subPath: logback.xml
+ name: init-data
+ - mountPath: /tmp
+ name: init-temp
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
+ - name: init-temp
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+passwordStrengthOverride: basic
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.temporal.onap.org"
+
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-temporal-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.timescaledb.config.pgUserExternalSecret) .) (hasSuffix "cps-temporal-pg-user-creds" .Values.timescaledb.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.timescaledb.config.pgUserName }}'
+ password: '{{ .Values.timescaledb.config.pgUserPassword }}'
+ passwordPolicy: generate
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
+
+image: onap/cps-temporal:0.0.1
+containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
+
+prometheus:
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: cps-temporal
+ ports:
+ - name: http
+ port: *svc_port
+ targetPort: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
+pullPolicy: IfNotPresent
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *mgt_port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *mgt_port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cps-temporal"
+ path: "/"
+ name: "cps-temporal"
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: cps-temporal
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+config:
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: cpstemporal
+ spring:
+ profile: helm
+ #appUserPassword:
+
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+ kafka:
+ service: message-router-kafka
+ port: 9092
+ listenerTopic: cps.cfg-state-events
+ consumerGroupId: cps-temporal-group
+ protocol: PLAINTEXT
+
+logging:
+ level: INFO
+ path: /tmp
+
+timescaledb:
+ nameOverride: cps-temporal-db
+ container:
+ name: cps-temporal-db
+ name: cpstemporaldb
+ service:
+ name: cps-temporal-db
+ persistence:
+ mountSubPath: cps-temporal/data
+ mountInitPath: cps-temporal
+ config:
+ pgUserName: cpstemporaldb
+ pgDatabase: cpstemporaldb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ serviceAccount:
+ nameOverride: cps-temporal-db
+
+readinessCheck:
+ wait_for:
+ - cps-temporal-db
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
\ No newline at end of file
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Configuration Persistance Service (CPS) - NCMP-DMI-Plugin
+name: ncmp-dmi-plugin
+version: 8.0.0
-# Copyright (C) 2020 Wipro Limited.
-#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
dependencies:
- name: common
version: ~8.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~8.x-0
repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+server:
+ port: 8080
+
+cps-core:
+ baseUrl: http://${CPS_CORE_HOST:cps}:${CPS_CORE_PORT:8080}
+ dmiRegistrationUrl : /cps-ncmp/api/ncmp-dmi/v1/ch
+ auth:
+ username: ${CPS_CORE_USERNAME}
+ password: ${CPS_CORE_PASSWORD}
+
+sdnc:
+ baseUrl: http://${SDNC_HOST:sdnc}:${SDNC_PORT:8181}
+ topologyId: ${SDNC_TOPOLOGY_ID:topology-netconf}
+ auth:
+ username: ${SDNC_USERNAME}
+ password: ${SDNC_PASSWORD}
+
+security:
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
+ auth:
+ username: ${DMI_PLUGIN_USERNAME}
+ password: ${DMI_PLUGIN_PASSWORD}
+
+logging:
+ level:
+ org:
+ springframework: {{ .Values.logging.level }}
+ onap:
+ cps: {{ .Values.logging.cps }}
+
+
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
+# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncSysOut" />
+ </root>
+
+</configuration>
+
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
+ echo http://$SERVICE_IP:$SERVICE_PORT
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+ kubectl port-forward $POD_NAME 8080:$POD_PORT
{{- end }}
{{/*
-# Copyright © 2018 AT&T
-#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
*/}}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ {{- if .Values.prometheus.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/path: 'manage/prometheus'
+ prometheus.io/port: {{ .Values.managementPort | quote }}
+ {{- end }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DMI_PLUGIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PLUGIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 12 }}
+ - name: SDNC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 12 }}
+ - name: SDNC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 12 }}
+ - name: CPS_CORE_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "login") | indent 12 }}
+ - name: CPS_CORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.config.spring.profile }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /app/resources/application-helm.yml
+ subPath: application-helm.yml
+ name: init-data
+ - mountPath: /app/resources/logback.xml
+ subPath: logback.xml
+ name: init-data
+ - mountPath: /tmp
+ name: init-temp
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
+ - name: init-temp
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Secrets.
+#################################################################
+secrets:
+ - uid: user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
+ - uid: sdnc-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.sdncUser }}'
+ password: '{{ .Values.config.sdncPassword }}'
+ passwordPolicy: required
+ - uid: core-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.coreCredsExternalSecret) . }}'
+ login: '{{ .Values.config.coreUser }}'
+ password: '{{ .Values.config.corePassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+
+image: onap/ncmp-dmi-plugin:0.0.1
+containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
+
+prometheus:
+ enabled: true
+ interval: 60s
+
+service:
+ type: ClusterIP
+ name: ncmp-dmi-plugin
+ ports:
+ - name: &port http
+ port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+pullPolicy: IfNotPresent
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *mgt_port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *mgt_port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "ncmp-dmi-plugin"
+ path: "/"
+ name: "ncmp-dmi-plugin"
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: ncmp-dmi-plugin
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+config:
+
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: ncmpuser
+ spring:
+ profile: helm
+ #appUserPassword:
+
+ sdncUser: admin
+ sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+ coreUser: cpsuser
+
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format insead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+logging:
+ level: INFO
+ cps: DEBUG
+ path: /tmp
+
+readinessCheck:
+ wait_for:
+ - cps-postgres
-# Copyright (C) 2021 Pantheon.tech, Orange
+# Copyright (C) 2021 Bell Canada.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~8.x-0
repository: '@local'
- - name: postgres
+ - name: cps-core
version: ~8.x-0
repository: '@local'
- - name: readinessCheck
+ condition: cps-core.enabled
+ - name: cps-temporal
version: ~8.x-0
repository: '@local'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: '@local'
- - name: serviceAccount
+ condition: cps-temporal.enabled
+ - name: ncmp-dmi-plugin
version: ~8.x-0
repository: '@local'
+ condition: ncmp-dmi-plugin.enabled
\ No newline at end of file
{{/*
-# Copyright (C) 2021 Pantheon.tech
-#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
*/}}
{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
- # Copyright (C) 2021 Pantheon.tech, Orange
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- */}}
-
-{{ include "common.service" . }}
-# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
+# Copyright (C) 2021 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
#################################################################
-# Secrets.
+# Global configuration defaults.
#################################################################
secrets:
- - uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
- password: '{{ .Values.postgres.config.pgRootpassword }}'
- policy: generate
- - uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
- type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
- login: '{{ .Values.postgres.config.pgUserName }}'
- password: '{{ .Values.postgres.config.pgUserPassword }}'
- passwordPolicy: generate
- - uid: app-user-creds
+ - uid: core-app-user-creds
+ name: &core-creds-secret '{{ include "common.release" . }}-cps-core-app-user-creds'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
- login: '{{ .Values.config.appUserName }}'
- password: '{{ .Values.config.appUserPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.coreUserExternalSecret) . }}'
+ login: '{{ .Values.config.coreUserName }}'
+ password: '{{ .Values.config.coreUserPassword }}'
passwordPolicy: generate
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-# bitnami image doesn't support well single quote in password
passwordStrengthOverride: basic
global:
ingress:
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.1
-containerPort: &svc_port 8080
-
-service:
- type: ClusterIP
- name: cps
- ports:
- - name: &port http
- port: *svc_port
+config:
+ coreUserName: cpsuser
-pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-nodeSelector: {}
-affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# default number of instances
-replicaCount: 1
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 20
- periodSeconds: 20
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
+# Enable all CPS components by default
+cps-core:
enabled: true
- path: /manage/health
- port: *port
-
-readiness:
- initialDelaySeconds: 15
- periodSeconds: 15
- path: /manage/health
- port: *port
+ config:
+ appUserExternalSecret: *core-creds-secret
-ingress:
+cps-temporal:
enabled: true
- service:
- - baseaddr: "cps"
- path: "/"
- name: "cps"
- port: *svc_port
-
-serviceAccount:
- nameOverride: cps
- roles:
- - read
-
-securityContext:
- user_id: 100
- group_id: 655533
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-config:
-
- # Set it for pre loading xnfdata, else set to null
- liquibaseLabels: xnf-data-preload
-
- # REST API basic authentication credentials (passsword is generated if not provided)
- appUserName: cpsuser
- spring:
- profile: helm
- #appUserPassword:
-
-# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format insead of yaml.
-# additional:
-# spring.config.max-size: 200
-# spring.config.min-size: 10
-
-logging:
- level: INFO
- path: /tmp
-
-#################################################################
-# Postgres overriding defaults in the postgres
-#################################################################
-postgres:
- nameOverride: &postgresName cps-postgres
- service:
- name: *postgresName
- name2: cps-pg-primary
- name3: cps-pg-replica
- container:
- name:
- primary: cps-pg-primary
- replica: cps-pg-replica
- persistence:
- mountSubPath: cps/data
- mountInitPath: cps
+ncmp-dmi-plugin:
+ enabled: true
config:
- pgUserName: cps
- pgDatabase: cpsdb
- pgUserExternalSecret: *pgUserCredsSecretName
- pgRootPasswordExternalSecret: *pgRootPassSecretName
-
-readinessCheck:
- wait_for:
- - cps-postgres
+ coreCredsExternalSecret: *core-creds-secret
.idea/
*.tmproj
.vscode/
+components/
EXCLUDES :=
HELM_BIN := helm
+# Helm v2 and helm v3 uses different version format so we first try in helm v3 format
+# and if it fails then we fallback to helm v2 one
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}" 2>/dev/null)
+ifneq "$(findstring v3,$(HELM_VER))" "v3"
+ HELM_VER := $(shell $(HELM_BIN) version -c --template "{{.Client.SemVer}}")
+endif
+
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-all: $(HELM_CHARTS)
+all: $(HELM_CHARTS) helm-repo-update
$(HELM_CHARTS):
@echo "\n[$@]"
@rm -f */requirements.lock
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @$(HELM_BIN) repo update
+endif
+
%:
@:
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
*/}}
{{- define "dcaegen2-services-common.configMap" -}}
+{{- $appConf := .Values.applicationConfig | default (dict) -}}
apiVersion: v1
kind: ConfigMap
metadata:
labels: {{ include "common.labels" . | nindent 6 }}
data:
application_config.yaml: |
-{{ .Values.applicationConfig | toYaml | indent 4 }}
+{{ $appConf | toYaml | indent 4 }}
{{- if .Values.logDirectory }}
---
filebeat.yml: |-
{{ include "dcaegen2-services-common.filebeatConfiguration" . | indent 4 }}
{{- end }}
+
+{{- if .Values.drFeedConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-feeds-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ {{- range $i, $feed := .Values.drFeedConfig }}
+ feedConfig-{{$i}}.json: |-
+ {{ $feed | toJson | indent 2 }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.drPubConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-drpub-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ {{- range $i, $drpub := .Values.drPubConfig }}
+ drpubConfig-{{$i}}.json: |-
+ {{ $drpub | toJson | indent 2 }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.drSubConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-drsub-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ {{- range $i, $drsub := .Values.drSubConfig }}
+ drsubConfig-{{$i}}.json: |-
+ {{ $drsub | toJson | indent 2 }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.mrTopicsConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-topics-config
+ namespace: {{ include "common.namespace" . }}
+ labels: {{ include "common.labels" . | nindent 6 }}
+data:
+ {{- range $i, $topics := .Values.mrTopicsConfig }}
+ topicsConfig-{{$i}}.json: |-
+ {{ $topics | toJson | indent 2 }}
+ {{- end }}
+{{- end }}
{{- end }}
\ No newline at end of file
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
+# Copyright (c) 2021 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
This initial implementation supports ConfigMaps only, as this is the only
external volume mounting required by current microservices.
-.Values.externalValues is a list of objects. Each object has 3 required fields and 1 optional field:
+.Values.externalVolumes is a list of objects. Each object has 3 required fields and 2 optional fields:
- name: the name of the resource (in the current implementation, it must be a ConfigMap)
that is to be set up as a volume. The value is a case sensitive string. Because the
names of resources are sometimes set at deployment time (for instance, to prefix the Helm
value is a case-sensitive string.
- readOnly: (Optional) Boolean flag. Set to true to mount the volume as read-only.
Defaults to false.
+ - optional: (Optional) Boolean flag. Set to true to make the configMap optional (i.e., to allow the
+ microservice's pod to start even if the configMap doesn't exist). If set to false, the configMap must
+ be present in order for the microservice's pod to start. Defaults to true. (Note that this
+ default is the opposite of the Kubernetes default. We've done this to be consistent with the behavior
+ of the DCAE Cloudify plugin for Kubernetes [k8splugin], which always set "optional" to true.)
Here is an example fragment from a values.yaml file for a microservice:
- name: '{{ include "common.release" . }}-another-example'
type: configmap
mountPath: /opt/app/otherconfig
+ optional: false
*/}}
{{- define "dcaegen2-services-common._externalVolumes" -}}
{{- $global := . -}}
{{- if .Values.externalVolumes }}
{{- range $vol := .Values.externalVolumes }}
{{- if eq (lower $vol.type) "configmap" }}
- {{- $vname := (tpl $vol.name $global) }}
+ {{- $vname := (tpl $vol.name $global) -}}
+ {{- $opt := hasKey $vol "optional" | ternary $vol.optional true }}
- configMap:
defaultMode: 420
name: {{ $vname }}
+ optional: {{ $opt }}
name: {{ $vname }}
{{- end }}
{{- end }}
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
on .Values.policies.duration and configuration retrieved is shared with
DCAE Microservice container by common volume. Policy can be retrieved based on
-list of policyID or filter
+list of policyID or filter. An optional policyRelease parameter can be specified
+to override the default policy helm release (used for retreiving the secret containing
+pdp username and password)
+
+Following is example policy config override
+
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ duration: 300
+ policyRelease: "onap"
+ policyID: |
+ '["onap.vfirewall.tca","onap.vdns.tca"]'
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
{{- $logDir := default "" .Values.logDirectory -}}
{{- $certDir := default "" .Values.certDirectory . -}}
{{- $tlsServer := default "" .Values.tlsServer -}}
-{{- $policy := default "" .Values.policies -}}
+{{- $commonRelease := print (include "common.release" .) -}}
+{{- $policy := default dict .Values.policies -}}
+{{- $policyRls := default $commonRelease $policy.policyRelease -}}
+{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
+ {{- if not $drFeedConfig }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
+ {{- end }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
- name: init-consul
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: POLICY_SYNC_PDP_USER
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: login
- name: POLICY_SYNC_PDP_PASS
valueFrom:
secretKeyRef:
- name: onap-policy-xacml-pdp-api-creds
+ name: {{ $policyRls }}-policy-xacml-pdp-api-creds
key: password
- name: POLICY_SYNC_PDP_URL
value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
{{- end -}}
{{- if $policy.duration }}
- name: POLICY_SYNC_DURATION
- value: {{ $policy.duration }}
+ value: "{{ $policy.duration }}"
{{- end }}
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
- name: policy-shared
emptyDir: {}
{{- end }}
+ {{- include "common.dmaap.provisioning._volumes" . | nindent 6 -}}
{{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- name: dcae-config-delete
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/app/delete_key.sh
args:
- - --delete-key
- {{ include "common.name" . }}
{{ end -}}
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-all: $(HELM_CHARTS)
+all: $(HELM_CHARTS) helm-repo-update
$(HELM_CHARTS):
@echo "\n[$@]"
@rm -f */requirements.lock
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
+
+helm-repo-update:
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+ @$(HELM_BIN) repo update
+endif
+
%:
@:
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE BBS-EventProcessor Microservice
+name: dcae-bbs-eventprocessor-ms
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &aaiCredsUID aaicreds
+ type: basicAuth
+ login: '{{ .Values.aaiCreds.username }}'
+ password: '{{ .Values.aaiCreds.password }}'
+ passwordPolicy: required
+
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.0
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /opt/app/bbs-event-processor/logs
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/bbs-event-processor/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 180
+ timeoutSeconds: 5
+ path: /heartbeat
+ scheme: HTTP
+ port: 8100
+
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-bbs-eventprocessor
+ ports:
+ - name: https
+ port: 8100
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+# AAI Credentials
+aaiCreds:
+ username: AAI
+ password: AAI
+
+credentials:
+- name: AAF_USERNAME
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+- name: AAI_USERNAME
+ uid: *aaiCredsUID
+ key: login
+- name: AAI_PASSWORD
+ uid: *aaiCredsUID
+ key: password
+
+
+# Initial Application Configuration
+applicationConfig:
+ streams_subscribes:
+ pnf_reregistration:
+ type: message_router
+ aaf_username: ${AAF_USERNAME}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https:message-router:3905/events/unauthenticated.PNF_UPDATE
+ cpe_authentication:
+ type: message_router
+ aaf_username: ${AAF_USERNAME}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https:message-router:3905/events/unauthenticated.CPE_AUTHENTICATION
+ streams_publishes:
+ close_loop:
+ type: message_router
+ aaf_username: ${AAF_USERNAME}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https:message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT
+ dmaap.protocol: https
+ dmaap.contentType: application/json
+ dmaap.consumer.consumerId: c12
+ dmaap.consumer.consumerGroup: OpenDcae-c12
+ dmaap.messageLimit: -1
+ dmaap.timeoutMs: -1
+ aai.host: aai.onap
+ aai.port: 8443
+ aai.protocol: https
+ aai.username: ${AAI_USERNAME}
+ aai.password: ${AAF_PASSWORD}
+ aai.aaiIgnoreSslCertificateErrors: true
+ application.pipelinesPollingIntervalSec: 25
+ application.pipelinesTimeoutSec: 15
+ application.cbsPollingIntervalSec: 120
+ application.policyVersion: 1.0.0.5
+ application.clTargetType: VM
+ application.clEventStatus: ONSET
+ application.clVersion: 1.0.2
+ application.clTarget: vserver.vserver-name
+ application.clOriginator: DCAE-BBS-ep
+ application.reregistration.policyScope: policyScopeReReg
+ application.reregistration.clControlName: clControlNameReReg
+ application.cpe.authentication.policyScope: policyScopeCpeAuth
+ application.cpe.authentication.clControlName: clControlNameCpeAuth
+ application.reregistration.configKey: pnf_reregistration
+ application.cpeAuth.configKey: cpe_authentication
+ application.closeLoop.configKey: close_loop
+ application.loggingLevel: INFO
+ application.ssl.keyStorePath: "/opt/app/bbs-event-processor/etc/cert/cert.jks"
+ application.ssl.keyStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/jks.pass"
+ application.ssl.trustStorePath: "/opt/app/bbs-event-processor/etc/cert/trust.jks"
+ application.ssl.trustStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/trust.pass"
+ application.ssl.enableAaiCertAuth: true
+ application.ssl.enableDmaapCertAuth: true
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE DataFile Collector Helm charts
+name: dcae-datafile-collector
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: certManagerCertificate
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
+{{ include "certManagerCertificate.certificate" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START ==========================
+# =========================================================================
+# Copyright (C) 2021 Nordix Foundation.
+# =========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ===========================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datafile/etc/cert
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# CMPv2 certificate
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - flag useCmpv2Certificates is set to true
+# Disabled by default
+useCmpv2Certificates: false
+certificates:
+ - mountPath: /opt/app/datafile/etc/cert/external
+ commonName: dcae-datafile-collector
+ dnsNames:
+ - dcae-datafile-collector
+ - datafile-collector
+ - datafile
+ keystore:
+ outputType:
+ - p12
+ passwordSecretRef:
+ name: datafile-collector-cmpv2-keystore-password
+ key: password
+ create: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ containers:
+ - dcae-config-binding-service
+ - aaf-cm
+ - dmaap-bc
+ - dmaap-provisioning-job
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /heartbeat
+ scheme: HTTP
+ port: 8100
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: datafile-collector
+ ports:
+ - name: https
+ port: 8443
+ plain_port: 8100
+ port_protocol: http
+
+# Environment variables
+applicationEnv:
+# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration.
+# It's a workaround because DMAAP specific env variables are not available in main container.
+ CBS_CLIENT_CONFIG_PATH: ''
+
+# Initial Application Configuration
+applicationConfig:
+ dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12
+ dmaap.certificateConfig.keyPasswordPath: /opt/app/datafile/etc/cert/p12.pass
+ dmaap.certificateConfig.trustedCa: /opt/app/datafile/etc/cert/trust.jks
+ dmaap.certificateConfig.trustedCaPasswordPath: /opt/app/datafile/etc/cert/trust.pass
+ dmaap.dmaapConsumerConfiguration.consumerGroup: OpenDcae-c12
+ dmaap.dmaapConsumerConfiguration.consumerId: C12
+ dmaap.dmaapConsumerConfiguration.timeoutMs: -1
+ dmaap.security.enableDmaapCertAuth: true
+ dmaap.security.keyStorePasswordPath: /opt/app/datafile/etc/cert/jks.pass
+ dmaap.security.keyStorePath: /opt/app/datafile/etc/cert/cert.jks
+ dmaap.security.trustStorePasswordPath: /opt/app/datafile/etc/cert/trust.pass
+ dmaap.security.trustStorePath: /opt/app/datafile/etc/cert/trust.jks
+ service_calls: []
+ sftp.security.strictHostKeyChecking: true
+ streams_publishes:
+ PM_MEAS_FILES:
+ dmaap_info:
+ publisher_id: ${DR_FILES_PUBLISHER_ID_0}
+ location: loc00
+ log_url: ${DR_LOG_URL_0}
+ publish_url: ${DR_FILES_PUBLISHER_URL_0}
+ username: ${DR_USERNAME_0}
+ password: ${DR_PASSWORD_0}
+ type: data_router
+ streams_subscribes:
+ dmaap_subscriber:
+ dmaap_info:
+ topic_url: "https://message-router:3905/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
+ type: message_router
+
+# DataRouter Feed Configuration
+drFeedConfig:
+ - feedName: bulk_pm_feed
+ owner: dcaecm
+ feedVersion: 0.0
+ asprClassification: unclassified
+ feedDescription: DFC Feed Creation
+
+# DataRouter Publisher Configuration
+drPubConfig:
+ - feedName: bulk_pm_feed
+ dcaeLocationName: loc00
+
+# ConfigMap Configuration for Feed, Dr_Publisher
+volumes:
+ - name: feeds-config
+ path: /opt/app/config/feeds
+ - name: drpub-config
+ path: /opt/app/config/dr_pubs
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 768Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE datalake-admin-ui helm chart
+name: dcae-datalake-admin-ui
+version: 8.0.0
+
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+
+################################aafcreds#################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.0
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/datalake-admin-ui
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datalake-admin-ui/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
+ - dcae-datalake-feeder
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 1
+ path: /
+ scheme: HTTP
+ port: 8088
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dl-admin-ui
+ ports:
+ - name: http
+ port: 8088
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+# Initial Application Configuration
+applicationConfig:
+ FEEDER_ADDR: dl-feeder
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Datalake DES MS charts
+name: dcae-datalake-des
+version: 8.0.0
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+*/}}
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#B
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ externalSecret: '{{ include "common.release" . }}-datalake-pg-user-creds'
+ type: basicAuth
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ passwordPolicy: required
+
+################################aafcreds#################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.datalake.exposure.service:1.1.1
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/datalake
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datalake/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
+ - dcae-datalake-feeder
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 90
+ periodSeconds: 90
+ timeoutSeconds: 10
+ path: /datalake/v1/exposure
+ scheme: HTTP
+ port: 1681
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dl-des
+ ports:
+ - name: http
+ port: 1681
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+#postgres configuration
+postgres:
+ config:
+ pgUserName: datalake
+
+# Initial Application Configuration
+applicationConfig:
+ PRESTO_HOST: dl-presto
+ PRESTO_PORT: 9000
+ PRESTO_USER: user
+ PRESTO_PASSWORD: test
+ HOSTNAME: dl-des
+
+applicationEnv:
+ PG_HOST: dcae-datalake-pg-primary
+ PG_PORT: '5432'
+ PG_USER:
+ secretUid: *pgUserCredsSecretUid
+ key: login
+ PG_PASSWORD:
+ secretUid: *pgUserCredsSecretUid
+ key: password
+ PG_DB: datalake
+ PRESTO_HOST: dl-presto
+ PRESTO_PORT: '9000'
+ PRESTO_USER: user
+ PRESTO_PASSWORD: test
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Datalake feeder MS charts
+name: dcae-datalake-feeder
+version: 8.0.0
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-datalake-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "datalake-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.datalakefeeder:1.1.1
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/datalake
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/datalake/etc/certs
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+ - &postgresName dcae-datalake-postgres
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 90
+ periodSeconds: 90
+ timeoutSeconds: 10
+ path: /datalake/v1/topics
+ scheme: HTTP
+ port: 1680
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dl-feeder
+ ports:
+ - name: http
+ port: 1680
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: PG_USER
+ uid: *pgUserCredsSecretUid
+ key: login
+- name: PG_PASSWORD
+ uid: *pgUserCredsSecretUid
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ PG_HOST: dcae-datalake-pg-primary
+ PG_PORT: 5432
+ PG_USER: ${PG_USER}
+ PG_PASSWORD: ${PG_PASSWORD}
+ PG_DB: datalake
+ HOSTNAME: dcae-datalake-feeder
+ CONSUL_HOST: consul
+ CONFIG_BINDING_SERVICE: 30408
+
+applicationEnv:
+ PG_HOST: dcae-datalake-pg-primary
+ PG_PORT: '5432'
+ PG_USER:
+ secretUid: *pgUserCredsSecretUid
+ key: login
+ PG_PASSWORD:
+ secretUid: *pgUserCredsSecretUid
+ key: password
+ PG_DB: datalake
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#################################################################
+# Application configuration Overriding Defaults in the Postgres.
+#################################################################
+postgres:
+ nameOverride: *postgresName
+ service:
+ name: *postgresName
+ name2: dcae-datalake-pg-primary
+ name3: dcae-datalake-pg-replica
+ container:
+ name:
+ primary: dcae-datalake-pg-primary
+ replica: dcae-datalake-pg-replica
+ persistence:
+ mountSubPath: datalake/data
+ mountInitPath: datalake
+ config:
+ pgUserName: datalake
+ pgDatabase: datalake
+ pgUserExternalSecret: *pgUserCredsSecretName
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Heartbeat Microservice
+name: dcae-heartbeat
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-heartbeat-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "heartbeat-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.heartbeat:2.2.0
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/heartbeat
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/heartbeat/etc/certs
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+ - &postgresName dcae-heartbeat-postgres
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /
+ scheme: HTTP
+ port: 10002
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-heartbeat
+ ports:
+ - name: http
+ port: 10002
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: AAF_IDENTITY
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+- name: HEARTBEAT_PG_USERNAME
+ uid: *pgUserCredsSecretUid
+ key: login
+- name: HEARTBEAT_PG_PASSWORD
+ uid: *pgUserCredsSecretUid
+ key: password
+
+
+# Initial Application Configuration
+applicationConfig:
+ CBS_polling_allowed: "True"
+ CBS_polling_interval: "300"
+ consumerID: "1"
+ groupID: "hbgrpID"
+ pg_ipAddress: dcae-heartbeat-pg-primary
+ pg_passwd: ${HEARTBEAT_PG_PASSWORD}
+ pg_portNum: 5432
+ pg_userName: ${HEARTBEAT_PG_USERNAME}
+ pg_dbName: heartbeat
+ heartbeat_config: '{"vnfs": [{"eventName": "Heartbeat_vDNS","heartbeatcountmissed": 3,"heartbeatinterval": 60,"closedLoopControlName": "ControlLoopEvent1", "policyVersion": "1.0.0.5", "policyName":"vFireWall","policyScope": "resource=sampleResource,type=sampletype,CLName=sampleCLName","target_type": "VNF", "target": "genVnfName", "version": "1.0"}, {"eventName": "Heartbeat_vFW","heartbeatcountmissed": 3, "heartbeatinterval": 60,"closedLoopControlName": "ControlLoopEvent1","policyVersion": "1.0.0.5","policyName": "vFireWall","policyScope": "resource=sampleResource,type=sampletype,CLName=sampleCLName", "target_type":"VNF", "target": "genVnfName", "version": "1.0"}, {"eventName": "Heartbeat_xx","heartbeatcountmissed": 3, "heartbeatinterval": 60,"closedLoopControlName": "ControlLoopEvent1","policyVersion": "1.0.0.5","policyName": "vFireWall", "policyScope": "resource=sampleResource,type=sampletype,CLName=sampleCLName","target_type": "VNF","target": "genVnfName","version": "1.0"}]}'
+ streams_publishes:
+ dcae_cl_out:
+ dmaap_info:
+ topic_url: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.DCAE_CL_OUTPUT"
+ type: message_router
+ streams_subscribes:
+ ves-heartbeat:
+ dmaap_info:
+ topic_url: "http://message-router:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT"
+ type: message_router
+
+#applicationEnv:
+# HEARTBEAT_PG_URL: &dcaeheartbeatPgPrimary dcae-heartbeat-pg-primary
+# HEARTBEAT_PG_USERNAME:
+# secretUid: *pgUserCredsSecretUid
+# key: login
+# HEARTBEAT_PG_PASSWORD:
+# secretUid: *pgUserCredsSecretUid
+# key: password
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#################################################################
+# Application configuration Overriding Defaults in the Postgres.
+#################################################################
+postgres:
+ nameOverride: *postgresName
+ service:
+ name: *postgresName
+ name2: dcae-heartbeat-pg-primary
+ name3: dcae-heartbeat-pg-replica
+ container:
+ name:
+ primary: dcae-heartbeat-pg-primary
+ replica: dcae-heartbeat-pg-replica
+ persistence:
+ mountSubPath: heartbeat/data
+ mountInitPath: heartbeat
+ config:
+ pgUserName: heartbeat
+ pgDatabase: heartbeat
+ pgUserExternalSecret: *pgUserCredsSecretName
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.8.0
+image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
applicationEnv:
JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml'
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
# Resource Limit flavor -By Default using small
flavor: small
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE KPI MS chart
+name: dcae-kpi-ms
+version: 8.0.0
+
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
+
+
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 Wipro Limited.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.0
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/kpims
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/kpims/etc/cert/
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+enable_tls: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /healthcheck
+ scheme: HTTP
+ port: 8080
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-kpi-ms
+ ports:
+ - name: http
+ port: 8080
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: AAF_IDENTITY
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ aafUsername: ${AAF_IDENTITY}
+ aafPassword: ${AAF_PASSWORD}
+ trust_store_path: '/opt/app/kpims/etc/cert/trust.jks'
+ trust_store_pass_path: '/opt/app/kpims/etc/cert/trust.pass'
+ pollingInterval: 20
+ pollingTimeout: 60
+ cbsPollingInterval: 60
+ dmaap.server: ["message-router"]
+ cg: kpi-cg
+ cid: kpi-cid
+ streams_subscribes:
+ performance_management_topic:
+ aafUsername: ${AAF_IDENTITY}
+ aafPassword: ${AAF_PASSWORD}
+ type: message-router
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+ streams_publishes:
+ kpi_topic:
+ aafUsername: ${AAF_IDENTITY}
+ aafPassword: ${AAF_PASSWORD}
+ type: message-router
+ dmaap_info:
+ topic_url: https://message-router.onap.svc.cluster.local:3905/events/unauthenticated.DCAE_KPI_OUTPUT
+ kpi.policy: '{"domain":"measurementsForKpi","methodForKpi":[{"eventName":"perf3gpp_CORE-AMF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"AMFRegNbr","operation":"SUM","operands":"RM.RegisteredSubNbrMean"}]},{"eventName":"perf3gpp_CORE-UPF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"UpstreamThr","operation":"SUM","operands":"GTP.InDataOctN3UPF"},{"measType":"DownstreamThr","operation":"SUM","operands":"GTP.OutDataOctN3UPF"}]}]}'
+
+applicationEnv:
+ STANDALONE: 'false'
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
initialDelaySeconds: 10
periodSeconds: 10
# application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0
# Resource Limit flavor -By Default using small
flavor: small
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE PM-Mapper Helm charts
+name: dcae-pm-mapper
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: 'file://../../common/dcaegen2-services-common'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (C) 2021 Nordix Foundation. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START ==========================
+# =========================================================================
+# Copyright (C) 2021 Nordix Foundation.
+# =========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ===========================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &drSubCredsUID drsubcreds
+ type: basicAuth
+ login: '{{ .Values.drSubscriberCreds.username }}'
+ password: '{{ .Values.drSubscriberCreds.password }}'
+ passwordPolicy: required
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.0
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/pm-mapper
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/pm-mapper/etc/cert
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ containers:
+ - dcae-config-binding-service
+ - aaf-cm
+ - dmaap-bc
+ - dmaap-provisioning-job
+ - dcae-datafile-collector
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /healthcheck
+ scheme: HTTPS
+ port: 8443
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-pm-mapper
+ both_tls_and_plain: true
+ ports:
+ - name: https
+ port: 8443
+ plain_port: 8081
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+# Data Router Subscriber Credentials
+drSubscriberCreds:
+ username: username
+ password: password
+
+credentials:
+- name: AAF_IDENTITY
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+- name: DR_USERNAME
+ uid: *drSubCredsUID
+ key: login
+- name: DR_PASSWORD
+ uid: *drSubCredsUID
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ enable_tls: true
+ enable_http: false
+ aaf_identity: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ pm-mapper-filter: "{ \"filters\":[] }"
+ key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
+ key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
+ trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
+ trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
+ dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
+ streams_publishes:
+ dmaap_publisher:
+ type: message_router
+ dmaap_info:
+ client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0}
+ location: san-francisco
+ client_role: org.onap.dcae.pmPublisher
+ topic_url: http://message-router:3904/events/org.onap.dmaap.mr.PERFORMANCE_MEASUREMENTS
+ streams_subscribes:
+ dmaap_subscriber:
+ type: data_router
+ dmaap_info:
+ subscriber_id: ${DR_FILES_SUBSCRIBER_ID_0}
+ decompress: true
+ privileged: true
+ username: ${DR_USERNAME}
+ password: ${DR_PASSWORD}
+ location: san-francisco
+ delivery_url: https://dcae-pm-mapper:8443/delivery
+
+# DataRouter Feed Configuration
+drFeedConfig:
+ - feedName: bulk_pm_feed
+ owner: dcaecm
+ feedVersion: 0.0
+ asprClassification: unclassified
+ feedDescription: DFC Feed Creation
+
+# DataRouter Subscriber Configuration
+drSubConfig:
+ - feedName: bulk_pm_feed
+ decompress: true
+ username: ${DR_USERNAME}
+ userpwd: ${DR_PASSWORD}
+ dcaeLocationName: loc00
+ privilegedSubscriber: true
+ deliveryURL: https://dcae-pm-mapper:8443/delivery
+
+# MessageRouter Topic, Publisher Configuration
+mrTopicsConfig:
+ - topicName: PERFORMANCE_MEASUREMENTS
+ topicDescription: PM Mapper publishes perf3gpp VES PM Events to authenticated MR topic
+ owner: dcaecm
+ tnxEnabled: false
+ clients:
+ - dcaeLocationName: san-francisco
+ clientRole: org.onap.dcae.pmPublisher
+ action:
+ - pub
+ - view
+
+# ConfigMap Configuration for Dr Feed, Subscriber, MR Topics
+volumes:
+ - name: feeds-config
+ path: /opt/app/config/feeds
+ - name: drsub-config
+ path: /opt/app/config/dr_subs
+ - name: topics-config
+ path: /opt/app/config/topics
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
dmaap.dmaapConsumerConfiguration.timeoutMs: -1
dmaap.dmaapProducerConfiguration.dmaapContentType: "application/json"
dmaap.dmaapUpdateProducerConfiguration.dmaapContentType: "application/json"
- aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v12/network/pnfs/pnf
- aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v12
+ aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v23/network/pnfs/pnf
+ aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v23
aai.aaiClientConfiguration.aaiHost: aai.onap.svc.cluster.local
aai.aaiClientConfiguration.aaiHostPortNumber: 8443
aai.aaiClientConfiguration.aaiProtocol: "https"
aai.aaiClientConfiguration.aaiUserName: ${AAI_USER}
aai.aaiClientConfiguration.aaiUserPassword: ${AAI_PASSWORD}
aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true
- aai.aaiClientConfiguration.aaiBasePath: "/aai/v12"
+ aai.aaiClientConfiguration.aaiBasePath: "/aai/v23"
aai.aaiClientConfiguration.aaiPnfPath: "/network/pnfs/pnf"
- aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/${customer}/service-subscriptions/service-subscription/${serviceType}/service-instances/service-instance/${serviceInstanceId}"
+ aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/{{customer}}/service-subscriptions/service-subscription/{{serviceType}}/service-instances/service-instance/{{serviceInstanceId}}"
aai.aaiClientConfiguration.aaiHeaders:
X-FromAppId: "prh"
X-TransactionId: "9999"
dmaap_info:
topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT
+applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE RESTConf Collector
+name: dcae-restconf-collector
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &controllerCredsUID controllercreds
+ type: basicAuth
+ login: '{{ .Values.controllerCreds.username }}'
+ password: '{{ .Values.controllerCreds.password }}'
+ passwordPolicy: required
+
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.5
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+# logDirectory: /opt/app/restconfcollector/logs
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/dcae-certificate
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 100
+ periodSeconds: 60
+ timeoutSeconds: 5
+ path: /healthcheck
+ scheme: HTTP
+ port: 8080
+
+
+# service configuration
+service:
+ type: NodePort
+ name: dcae-restconf-collector
+ ports:
+ - name: http
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 16
+ useNodePortExt: true
+
+# AAF Credentials
+controllerCreds:
+ username: access
+ password: Huawei@123
+
+credentials:
+- name: CONTROLLER_USERNAME
+ uid: *controllerCredsUID
+ key: login
+- name: CONTROLLER_PASSWORD
+ uid: *controllerCredsUID
+ key: password
+
+# Initial Application Configuration
+applicationConfig:
+ collector.rcc.appDescription: DCAE RestConf Collector Application
+ collector.rcc.appName: dcae-rcc
+ collector.rcc.dmaap.streamid: notification=device-registration
+ collector.rcc.inputQueue.maxPending: '8096'
+ tomcat.maxthreads: '200'
+ collector.rcc.service.port: '8080'
+ collector.rcc.service.secure.port: '8687'
+ collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
+ collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
+ collector.rcc.keystore.alias: dynamically generated
+ collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
+ collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
+ #collector.keystore.file.location: /opt/app/dcae-certificate/external/cert.jks
+ #collector.keystore.passwordfile: /opt/app/dcae-certificate/external/jks.pass
+ collector.header.authflag: '0'
+ collector.header.authlist: sample1,c2FtcGxlMQ==
+ collector.rcc.service.secure.clientauth: '0'
+ streams_publishes:
+ device-registration:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT
+ type: message_router
+ #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"${CONTROLLER_IP}:{CONTROLLER_PORT}","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+ rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+
+#applicationEnv:
+# CONTROLLER_IP: "172.30.0.55"
+# CONTROLLER_PORT: "26335"
+
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
# InitContainer Images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application Configuration Defaults.
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE SNMPTrap Collector
+name: dcae-snmptrap-collector
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.5
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /opt/app/snmptrap/logs
+
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+
+# Probe Configuration
+readiness:
+ type: exec
+ command:
+ - /opt/app/snmptrap/bin/snmptrapd.sh
+ - status
+
+# service configuration
+service:
+ type: NodePort
+ name: dcae-snmptrap-collector
+ ports:
+ - name: udp
+ port: 6162
+ l4_protocol: UDP # default to TCP if not set
+ port_protocol: udp #used in svn name
+ nodePort: 70
+ useNodePortExt: true
+
+# Initial Application Configuration
+applicationConfig:
+ StormWatchPolicy: ''
+ cache:
+ dns_cache_ttl_seconds: 60
+ services_calls: {}
+ snmptrapd:
+ version: '2.0.4'
+ title: ONAP SNMP Trap Receiver
+ sw_interval_in_seconds: 60
+ streams_publishes:
+ sec_fault_unsecure:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP
+ type: message_router
+ aaf_password: null
+ aaf_username: null
+ files:
+ runtime_base_dir: "/opt/app/snmptrap"
+ log_dir: logs
+ data_dir: data
+ pid_dir: tmp
+ arriving_traps_log: snmptrapd_arriving_traps.log
+ snmptrapd_diag: snmptrapd_prog_diag.log
+ traps_stats_log: snmptrapd_stats.csv
+ perm_status_file: snmptrapd_status.log
+ eelf_base_dir: "/opt/app/snmptrap/logs"
+ eelf_error: error.log
+ eelf_debug: debug.log
+ eelf_audit: audit.log
+ eelf_metrics: metrics.log
+ roll_frequency: hour
+ minimum_severity_to_log: 3
+ protocols:
+ transport: udp
+ ipv4_interface: 0.0.0.0
+ ipv4_port: 6162
+ ipv6_interface: "::1"
+ ipv6_port: 6162
+ publisher:
+ http_milliseconds_timeout: 1500
+ http_retries: 3
+ http_milliseconds_between_retries: 750
+ http_primary_publisher: 'true'
+ http_peer_publisher: unavailable
+ max_traps_between_publishes: 10
+ max_milliseconds_between_publishes: 10000
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE Son-handler helm chart
+name: dcae-son-handler
+version: 8.0.0
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
--- /dev/null
+{{/*
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============= LICENSE_START ================================================
+# ============================================================================
+# Copyright (C) 2021 Wipro Limited.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============= LICENSE_END ==================================================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# Secrets Configuration.
+#################################################################
+secrets:
+ - uid: &aafCredsUID aafcreds
+ type: basicAuth
+ login: '{{ .Values.aafCreds.identity }}'
+ password: '{{ .Values.aafCreds.password }}'
+ passwordPolicy: required
+ - uid: &pgUserCredsSecretUid pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "sonhms-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.3
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /var/log/ONAP/dcaegen2/services/sonhms
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+certDirectory: /opt/app/sonhms/etc/certs
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+tlsServer: true
+
+# Policy configuraiton properties
+# if present, policy-sync side car will be deployed
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ policyID: |
+ '["com.Config_PCIMS_CONFIG_POLICY"]'
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+ - &postgresName dcae-sonhms-postgres
+
+# Probe Configuration
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 1
+ path: /healthcheck
+ scheme: HTTPS
+ port: 8080
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-son-handler
+ ports:
+ - name: https
+ port: 8080
+ port_protocol: http
+
+# AAF Credentials
+aafCreds:
+ identity: dcae@dcae.onap.org
+ password: demo123456!
+
+credentials:
+- name: AAF_IDENTITY
+ uid: *aafCredsUID
+ key: login
+- name: AAF_PASSWORD
+ uid: *aafCredsUID
+ key: password
+- name: PG_USERNAME
+ uid: *pgUserCredsSecretUid
+ key: login
+- name: PG_PASSWORD
+ uid: *pgUserCredsSecretUid
+ key: password
+
+
+# Initial Application Configuration
+applicationConfig:
+ postgres.host: &dcaeSonhmsPgPrimary dcae-sonhms-pg-primary
+ postgres.port: 5432
+ postgres.username: ${PG_USERNAME}
+ postgres.password: ${PG_PASSWORD}
+ sonhandler.pollingInterval: 20
+ sonhandler.pollingTimeout: 60
+ cbsPollingInterval: 60
+ sonhandler.numSolutions: 5
+ sonhandler.minCollision: 5
+ sonhandler.minConfusion: 5
+ sonhandler.maximumClusters: 5
+ sonhandler.badThreshold: 50
+ sonhandler.poorThreshold: 70
+ sonhandler.namespace: onap
+ sonhandler.sourceId: SONHMS
+ sonhandler.dmaap.server: ["message-router"]
+ sonhandler.bufferTime: 60
+ sonhandler.cg: sonhms-cg
+ sonhandler.cid: sonhms-cid
+ sonhandler.configDb.service: http://configdb:8080
+ sonhandler.oof.service: https://oof-osdf:8698
+ sonhandler.oof.endpoint: /api/oof/v1/pci
+ sonhandler.pciOptimizer: pci
+ sonhandler.pciAnrOptimizer: pci_anr
+ sonhandler.poorCountThreshold: 3
+ sonhandler.badCountThreshold: 3
+ sonhandler.oofTriggerCountTimer: 30
+ sonhandler.oofTriggerCountThreshold: 5
+ sonhandler.policyRespTimer: 10
+ sonhandler.policyNegativeAckThreshold: 3
+ sonhandler.policyFixedPciTimeInterval: 30000
+ sonhandler.nfNamingCode: RansimAgent
+ streams_publishes:
+ CL_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT
+ streams_subscribes:
+ performance_management_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router:3905/events/unauthenticated.VES_MEASUREMENT_OUTPUT
+ fault_management_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router:3905/events/unauthenticated.SEC_FAULT_OUTPUT
+ nbr_list_change_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router:3905/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO
+ dcae_cl_response_topic:
+ type: message-router
+ aaf_username: ${AAF_IDENTITY}
+ aaf_password: ${AAF_PASSWORD}
+ dmaap_info:
+ topic_url: https://message-router:3905/events/DCAE_CL_RSP
+ service_calls:
+ sdnr-getpnfname: []
+ sdnr-getpci: []
+ sdnr-getnbrlist: []
+ sdnr-getcelllist: []
+ oof-req: []
+ policy-req: []
+
+applicationEnv:
+ STANDALONE: 'false'
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
+#################################################################
+# Application configuration Overriding Defaults in the Postgres.
+#################################################################
+postgres:
+ nameOverride: *postgresName
+ service:
+ name: *postgresName
+ name2: *dcaeSonhmsPgPrimary
+ name3: dcae-sonhms-pg-replica
+ container:
+ name:
+ primary: dcae-sonhms-pg-primary
+ replica: dcae-sonhms-pg-replica
+ persistence:
+ mountSubPath: sonhms/data
+ mountInitPath: sonhms
+ config:
+ pgUserName: sonhms
+ pgDatabase: sonhms
+ pgUserExternalSecret: *pgUserCredsSecretName
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
+image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
name: http
# Policy configuraiton properties
-# if present, policy-sync side car will be deployed
-
+# if enabled, policy-sync side car will be deployed
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
#policies:
# duration: 300
+# policyRelease: "onap"
# policyID: |
-# '["onap.vfirewall.tca","abc"]'
+# '["onap.vfirewall.tca","onap.vdns.tca"]'
# filter: |
# '["DCAE.Config_vfirewall_.*"]'
tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf
tca.aai.node_query_path: aai/v11/search/nodes-query
tca.aai.password: ${AAI_PASSWORD}
- tca.aai.url: http://aai
+ tca.aai.url: https://aai:8443
tca.aai.username: ${AAI_USERNAME}
tca.policy: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"vFirewallBroadcastPackets","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"LESS_OR_EQUAL","severity":"MAJOR","closedLoopEventStatus":"ONSET"},{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":700,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"Measurement_vGMUX","controlLoopSchemaType":"VNF","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"EQUAL","severity":"MAJOR","closedLoopEventStatus":"ABATED"},{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"GREATER","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]}]}'
tca.processing_batch_size: 10000
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.9.2
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
nodePort: 17
useNodePortExt: true
+# application environments
+applicationEnv:
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+
# initial application configuration
applicationConfig:
collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurement=ves-measurement|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration|3GPP-FaultSupervision=ves-3gpp-fault-supervision|3GPP-Heartbeat=ves-3gpp-heartbeat|3GPP-Provisioning=ves-3gpp-provisioning|3GPP-PerformanceAssurance=ves-3gpp-performance-assurance
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+apiVersion: v1
+appVersion: "Honolulu"
+description: DCAE VES-Mapper Microservice
+name: dcae-ves-mapper
+version: 8.0.0
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+{{ include "dcaegen2-services-common.consulDeleteJob" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.secretFast" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T Intellectual Property #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# ================================ LICENSE_START =============================
+# ============================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ================================= LICENSE_END ==============================
+
+#################################################################
+# Global Configuration Defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+#################################################################
+# Filebeat Configuration Defaults.
+#################################################################
+filebeatConfig:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+#################################################################
+# InitContainer Images.
+#################################################################
+tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
+
+#################################################################
+# Application Configuration Defaults.
+#################################################################
+# Application Image
+image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.0
+pullPolicy: Always
+
+# Log directory where logging sidecar should look for log files
+# if absent, no sidecar will be deployed
+logDirectory: /opt/app/VESAdapter/logs
+
+# Directory where TLS certs should be stored
+# if absent, no certs will be retrieved and stored
+#certDirectory: /opt/app/ves-mapper/etc/certs
+
+# TLS role -- set to true if microservice acts as server
+# If true, an init container will retrieve a server cert
+# and key from AAF and mount them in certDirectory.
+#tlsServer: true
+
+# Dependencies
+readinessCheck:
+ wait_for:
+ - dcae-config-binding-service
+ - aaf-cm
+
+# Service Configuration
+service:
+ type: ClusterIP
+ name: dcae-ves-mapper
+ ports:
+ - name: http
+ port: 80
+ port_protocol: http
+
+
+# Initial Application Configuration
+applicationConfig:
+ app_preferences:
+ collectors:
+ - identifier: notification-id
+ mapping-files:
+ - defaultMappingFile-rcc-notification: "<?xml version='1.0' encoding='UTF-8'?><smooks-resource-list
+ xmlns='http://www.milyn.org/xsd/smooks-1.1.xsd' xmlns:jb='http://www.milyn.org/xsd/smooks/javabean-1.4.xsd'
+ xmlns:json='http://www.milyn.org/xsd/smooks/json-1.1.xsd'><json:reader rootName='vesevent'
+ keyWhitspaceReplacement='-'><json:keyMap><json:key from='date&time' to='date-and-time'
+ /></json:keyMap></json:reader><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.VesEvent'
+ beanId='vesEvent' createOnElement='vesevent'><jb:wiring property='event' beanIdRef='event'
+ /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.Event' beanId='event'
+ createOnElement='vesevent'><jb:wiring property='commonEventHeader' beanIdRef='commonEventHeader'
+ /><jb:wiring property='pnfRegistrationFields' beanIdRef='pnfRegistrationFields'
+ /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader'
+ beanId='commonEventHeader' createOnElement='vesevent'><jb:expression property='version'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.Version._4_0_1</jb:expression><jb:expression
+ property='eventType'>'pnfRegistration'</jb:expression><jb:expression property='vesEventListenerVersion'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.VesEventListenerVersion._7_0_1</jb:expression><jb:expression
+ property='eventId' execOnElement='vesevent'>'registration_'+commonEventHeader.ts1</jb:expression><jb:expression
+ property='reportingEntityName'>'VESMapper'</jb:expression><jb:expression property='domain'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.Domain.PNF_REGISTRATION</jb:expression><jb:expression
+ property='eventName' execOnElement='vesevent'>commonEventHeader.domain</jb:expression><jb:value
+ property='sequence' data='0' default='0' decoder='Long' /><jb:expression property='lastEpochMicrosec'
+ execOnElement='vesevent'>commonEventHeader.ts1</jb:expression><jb:expression
+ property='startEpochMicrosec' execOnElement='vesevent'>commonEventHeader.ts1</jb:expression><jb:expression
+ property='priority'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.Priority.NORMAL</jb:expression><jb:expression
+ property='sourceName' execOnElement='vesevent'>pnfRegistrationFields.vendorName+'-'+pnfRegistrationFields.serialNumber</jb:expression></jb:bean><jb:bean
+ class='org.onap.dcaegen2.ves.domain.ves70.PnfRegistrationFields' beanId='pnfRegistrationFields'
+ createOnElement='vesevent'><jb:expression property='pnfRegistrationFieldsVersion'>org.onap.dcaegen2.ves.domain.ves70.PnfRegistrationFields.PnfRegistrationFieldsVersion._2_0</jb:expression><jb:value
+ property='serialNumber' data='pnfRegistration/serialNumber' /><jb:value property='lastServiceDate'
+ data='pnfRegistration/lastServiceDate' /><jb:value property='manufactureDate'
+ data='pnfRegistration/manufactureDate' /><jb:value property='modelNumber'
+ data='pnfRegistration/modelNumber' /><jb:value property='oamV4IpAddress' data='pnfRegistration/oamV4IpAddress'
+ /><jb:value property='oamV6IpAddress' data='pnfRegistration/oamV6IpAddress'
+ /><jb:value property='softwareVersion' data='pnfRegistration/softwareVersion'
+ /><jb:value property='unitFamily' data='pnfRegistration/unitFamily' /><jb:value
+ property='unitType' data='pnfRegistration/unitType' /><jb:value property='vendorName'
+ data='pnfRegistration/vendorName' /><jb:wiring property='additionalFields'
+ beanIdRef='alarmAdditionalInformation' /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.AlarmAdditionalInformation'
+ beanId='alarmAdditionalInformation' createOnElement='vesevent'><jb:wiring
+ property='additionalProperties' beanIdRef='additionalFields2' /></jb:bean><jb:bean
+ beanId='additionalFields2' class='java.util.HashMap' createOnElement='vesevent/pnfRegistration/additionalFields'><jb:value
+ data='pnfRegistration/additionalFields/*'/></jb:bean></smooks-resource-list>"
+ stream_publisher: ves-pnfRegistration
+ stream_subscriber: rcc-notification
+ - identifier: notify OID
+ mapping-files:
+ - defaultMappingFile-snmp-notification: "<?xml version='1.0' encoding='UTF-8'?><smooks-resource-list
+ xmlns='http://www.milyn.org/xsd/smooks-1.1.xsd' xmlns:jb='http://www.milyn.org/xsd/smooks/javabean-1.4.xsd'
+ xmlns:json='http://www.milyn.org/xsd/smooks/json-1.1.xsd'><json:reader rootName='vesevent'
+ keyWhitspaceReplacement='-'><json:keyMap><json:key from='date&time' to='date-and-time'
+ /></json:keyMap></json:reader><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.VesEvent'
+ beanId='vesEvent' createOnElement='vesevent'><jb:wiring property='event' beanIdRef='event'
+ /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.Event' beanId='event'
+ createOnElement='vesevent'><jb:wiring property='commonEventHeader' beanIdRef='commonEventHeader'
+ /><jb:wiring property='faultFields' beanIdRef='faultFields' /></jb:bean><jb:bean
+ class='org.onap.dcaegen2.ves.domain.ves54.CommonEventHeader' beanId='commonEventHeader'
+ createOnElement='vesevent'><jb:expression property='version'>'3.0'</jb:expression><jb:expression
+ property='eventType'>'FaultField'</jb:expression><jb:expression property='eventId'
+ execOnElement='vesevent'>'XXXX'</jb:expression><jb:expression property='reportingEntityName'>'VESMapper'</jb:expression><jb:expression
+ property='domain'>org.onap.dcaegen2.ves.domain.ves54.CommonEventHeader.Domain.FAULT</jb:expression><jb:expression
+ property='eventName' execOnElement='vesevent'>commonEventHeader.domain</jb:expression><jb:value
+ property='sequence' data='0' default='0' decoder='Long' /><jb:value property='lastEpochMicrosec'
+ data='#/time-received' /><jb:value property='startEpochMicrosec' data='#/time-received'
+ /><jb:expression property='priority'>org.onap.dcaegen2.ves.domain.ves54.CommonEventHeader.Priority.NORMAL</jb:expression><jb:expression
+ property='sourceName'>'VesAdapter'</jb:expression></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.FaultFields'
+ beanId='faultFields' createOnElement='vesevent'><jb:value property='faultFieldsVersion'
+ data='2.0' default='2.0' decoder='Double' /><jb:value property='alarmCondition'
+ data='#/trap-category' /><jb:expression property='specificProblem'>'SNMP Fault'</jb:expression><jb:expression
+ property='vfStatus'>org.onap.dcaegen2.ves.domain.ves54.FaultFields.VfStatus.ACTIVE</jb:expression><jb:expression
+ property='eventSeverity'>org.onap.dcaegen2.ves.domain.ves54.FaultFields.EventSeverity.MINOR</jb:expression><jb:wiring
+ property='alarmAdditionalInformation' beanIdRef='alarmAdditionalInformationroot'
+ /></jb:bean><jb:bean class='java.util.ArrayList' beanId='alarmAdditionalInformationroot'
+ createOnElement='vesevent'><jb:wiring beanIdRef='alarmAdditionalInformation'
+ /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.AlarmAdditionalInformation'
+ beanId='alarmAdditionalInformation' createOnElement='varbinds/element'><jb:value
+ property='name' data='#/varbind_oid' /><jb:value property='value' data='#/varbind_value'
+ /></jb:bean></smooks-resource-list>"
+ stream_publisher: ves-fault
+ stream_subscriber: snmp-notification
+ streams_publishes:
+ ves-fault:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT
+ type: message_router
+ ves-pnfRegistration:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.VES_PNFREG_OUTPUT
+ type: message_router
+ streams_subscribes:
+ rcc-notification:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT
+ type: message_router
+ snmp-notification:
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP
+ type: message_router
+
+# Resource Limit Flavor -By Default Using Small
+flavor: small
+
+# Segregation for Different Environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T. All rights reserved.
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: common
version: ~8.x-0
repository: '@local'
+ - name: dcae-bbs-eventprocessor-ms
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-bbs-eventprocessor-ms.enabled
+ - name: dcae-datafile-collector
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datafile-collector.enabled
+ - name: dcae-datalake-admin-ui
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datalake-admin-ui.enabled
+ - name: dcae-datalake-des
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datalake-des.enabled
+ - name: dcae-datalake-feeder
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-datalake-feeder.enabled
+ - name: dcae-heartbeat
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-heartbeat.enabled
+ - name: dcae-hv-ves-collector
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-hv-ves-collector.enabled
+ - name: dcae-kpi-ms
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-kpi-ms.enabled
- name: dcae-ms-healthcheck
version: ~8.x-0
repository: '@local'
- #repository: 'file://components/dcae-ms-healthcheck'
condition: dcae-ms-healthcheck.enabled
+ - name: dcae-pm-mapper
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-pm-mapper.enabled
- name: dcae-pmsh
version: ~8.x-0
repository: '@local'
- #repository: 'file://components/dcae-pmsh'
condition: dcae-pmsh.enabled
- name: dcae-prh
version: ~8.x-0
repository: '@local'
- #repository: 'file://components/dcae-prh'
- condition: dcae-bootstrap.enabled
+ condition: dcae-prh.enabled
+ - name: dcae-restconf-collector
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-restconf-collector.enabled
+ - name: dcae-slice-analysis-ms
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-slice-analysis-ms.enabled
+ - name: dcae-snmptrap-collector
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-snmptrap-collector.enabled
+ - name: dcae-son-handler
+ version: ~8.x-0
+ repository: '@local'
+ condition: dcae-son-handler.enabled
- name: dcae-tcagen2
version: ~8.x-0
repository: '@local'
- #repository: 'file://components/dcae-tcagen2'
condition: dcae-tcagen2.enabled
- name: dcae-ves-collector
version: ~8.x-0
repository: '@local'
- #repository: 'file://components/dcae-ves-collector'
condition: dcae-ves-collector.enabled
- - name: dcae-hv-ves-collector
+ - name: dcae-ves-mapper
version: ~8.x-0
repository: '@local'
- #repository: 'file://components/dcae-hv-ves-collector'
- condition: dcae-hv-ves-collector.enabled
- - name: dcae-slice-analysis-ms
- version: ~8.x-0
- repository: '@local'
- #repository: 'file://components/dcae-slice-analysis-ms'
- condition: dcae-slice-analysis-ms.enabled
+ condition: dcae-ves-mapper.enabled
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021 AT&T. All rights reserved.
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
# Control deployment of DCAE microservices at ONAP installation time
-dcae-ms-healthcheck:
- enabled: true
+
+dcae-bbs-eventprocessor-ms:
+ enabled: false
+dcae-datafile-collector:
+ enabled: false
+dcae-datalake-admin-ui:
+ enabled: false
+dcae-datalake-des:
+ enabled: false
+dcae-datalake-feeder:
+ enabled: false
+dcae-heartbeat:
+ enabled: false
dcae-hv-ves-collector:
enabled: true
+dcae-kpi-ms:
+ enabled: false
+dcae-ms-healthcheck:
+ enabled: true
+dcae-pm-mapper:
+ enabled: false
dcae-pmsh:
enabled: false
dcae-prh:
enabled: true
+dcae-restconf-collector:
+ enabled: false
+dcae-slice-analysis-ms:
+ enabled: false
+dcae-snmptrap-collector:
+ enabled: false
+dcae-son-handler:
+ enabled: false
dcae-tcagen2:
enabled: true
dcae-ves-collector:
enabled: true
-dcae-slice-analysis-ms:
+dcae-ves-mapper:
enabled: false
nodePortPrefix: 302
nodePortPrefixExt: 304
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
secrets:
- uid: pg-root-pass
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.9.2
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.8.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1
# Resource Limit flavor -By Default using small
flavor: small
nodePortPrefix: 302
persistence: {}
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
repositoryCred:
user: docker
password: docker
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.5.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.1
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.3
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.4
pullPolicy: Always
# probe configuration parameters
mountSubPath: dcae-dashboard/data
mountInitPath: dcae-dashboard
-# Resource Limit flavor -By Default using small
+#Resource Limit flavor -By Default using small
flavor: small
-# Segregation for Different environment (Small and Large)
+#Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 4000m
- memory: 4Gi
+ cpu: 2
+ memory: 2Gi
requests:
- cpu: 1500m
+ cpu: 1
memory: 1Gi
large:
limits:
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
secrets:
- uid: 'cm-pass'
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 Nokia
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
initialDelaySeconds: 10
periodSeconds: 10
# application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0
# Resource Limit flavor -By Default using small
flavor: small
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
secrets:
- uid: 'cm-pass'
type: password
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.2
+image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.3
pullPolicy: Always
# probe configuration parameters
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
#################################################################
# Secrets metaconfig
#=================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
initialDelaySeconds: 10
periodSeconds: 10
# application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.2.0
# Resource Limit flavor -By Default using small
flavor: small
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
importPostgres: plugin:pgaas?version=1.3.0
- importClamp: plugin:clamppolicyplugin?version=1.1.0
- importDMaaP: plugin:dmaap?version=1.5.0
+ importClamp: plugin:clamppolicyplugin?version=1.1.1
+ importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0
useDmaapPlugin: false
bpResourcesCpuLimit: 250m
bpResourcesMemoryLimit: 128Mi
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
"topicName": "PNF_READY",
"topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
"owner": "PNFRegistrationHandler",
- "txenabled": false,
+ "tnxEnabled": false,
"clients": [
{
"dcaeLocationName": "san-francisco",
"topicName": "PNF_REGISTRATION",
"topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
"owner": "VEScollector",
- "txenabled": false,
+ "tnxEnabled": false,
"clients": [
{
"dcaeLocationName": "san-francisco",
"topicDescription": "the topic used to provision the MM agent whitelist",
"replicationCase": "REPLICATION_NONE",
"owner": "dmaap",
- "txenabled": false,
+ "tnxEnabled": false,
"partitionCount": "1",
"clients": [
{
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
pullPolicy: Always
# application images
-image: onap/dmaap/dmaap-bc:2.0.5
+image: onap/dmaap/dmaap-bc:2.0.6
# application configuration
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-bc
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
CadiEnabled = false
#
# AAF Props file path
-AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}-permission-fixer
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: {{ .Values.persistence.spool.path }}
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: {{ .Values.persistence.spool.path }}
name: {{ include "common.fullname" . }}-spool
- mountPath: {{ .Values.persistence.event.path }}
mountPath: /var/log/onap/datarouter-node
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
persistence: {}
aafEnabled: true
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-dr-node-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-dr-node
+ fqi: dmaap-dr-node@dmaap-dr.onap.org
+ public_fqdn: dmaap-dr.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+
#################################################################
# Application configuration defaults.
#################################################################
labels:
app.kubernetes.io/component: event-logs
-#################################################################
-# AAF part
-#################################################################
-aafConfig:
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: dmaap-dr-node
- fqi: dmaap-dr-node@dmaap-dr.onap.org
- public_fqdn: dmaap-dr.onap.org
- cadi_longitude: 0.0
- cadi_latitude: 0.0
- app_ns: org.osaaf.aaf
- permission_user: 1000
- permission_group: 1001
- secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds
- credsPath: /opt/app/osaaf/local
-
#################################################################
# Secrets metaconfig
#################################################################
-secrets:
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
+secrets: {}
ingress:
enabled: false
# dr uses the EELF Logging framework https://github.com/att/EELF
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-dr-node
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap/datarouter-prov
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
mariadb:
name: *dmaap-dr-db
nameOverride: *dmaap-dr-db
- replicaCount: 3
+ replicaCount: 1
db:
externalSecret: *dbSecretName
name: datarouter
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap-dr-prov
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- {{- if .Values.global.aafEnabled }}
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
- {{ end }}
- name: jaas
configMap:
name: {{ include "common.fullname" . }}-jaas-configmap
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: message-router-kafka
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: message-router-zookeeper
+ roles:
+ - read
- name: message-router-zookeeper
version: ~8.x-0
repository: 'file://components/message-router-zookeeper'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
+ {{- if .Values.global.aafEnabled }}
- mountPath: /appl/dmaapMR1/etc/runner-web.xml
subPath: runner-web.xml
name: etc
name: sys-props
- mountPath: /jetty-config
name: jetty
+ {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: message-router
+ roles:
+ - read
version: ~8.x-0
repository: 'file://components/dmaap-dr-prov'
condition: dmaap-dr-prov.enabled
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
enabled: true
dmaap-dr-prov:
enabled: true
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dmaap
+ roles:
+ - read
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~8.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1001
- fsGroup: 1001
- initContainers:
- - command:
- - cp
- args:
- - -r
- - -T
- - /home/esr/tomcat
- - /opt/tomcat
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: create-tomcat-dir
- volumeMounts:
- - name: tomcat-workdir
- mountPath: /opt/tomcat
-
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: {{ tpl .Values.msbaddr . }}
- volumeMounts:
- - name: tomcat-workdir
- mountPath: /home/esr/tomcat/
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- volumes:
- - name: tomcat-workdir
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "aai-esr-gui",
- "version": "v1",
- "url": "/esr-gui",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"1",
- "path":"/iui/aai-esr-gui"
- }
- ]'
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aai/esr-gui:1.4.0
-pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:443
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- name: esr-gui
- internalPort: 8080
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~8.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-
-<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
-
- <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
- <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
-
- <property name="logDir" value="{{ .Values.log.logDir }}" />
- <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
-
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
-
- <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
- <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
-
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-
- <!-- Console (human-readable) logging -->
- <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
-
- <appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${auditPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${metricPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics"/>
- </appender>
-
- <appender name="EELFError"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>${errorPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError"/>
- </appender>
-
- <appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
- </rollingPolicy>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${consolePattern}</pattern>
- </encoder>
- </appender>
-
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
-
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <logger name="com.att.eelf.error" level="debug" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
-
- <root level="{{ .Values.log.root.level }}">
- <appender-ref ref="asyncEELFDebug" />
- <appender-ref ref="STDOUT" />
- </root>
-
-</configuration>
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-esr-filebeat-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1001
- fsGroup: 1001
- initContainers:
- - command:
- - cp
- args:
- - -r
- - -T
- - /home/esr/conf
- - /opt/conf
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: create-conf-dir
- volumeMounts:
- - name: conf-dir
- mountPath: /opt/conf
-
- containers:
- - name: {{ .Chart.Name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: {{ tpl .Values.msbaddr . }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /home/esr/works/logs
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /home/esr/conf
- name: conf-dir
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap/esr/esr-server
- - mountPath: /opt/ajsc/etc/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.fullname" . }}-esr-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: conf-dir
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "aai-esr-server",
- "version": "v1",
- "url": "/api/aai-esr-server/v1",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "enable_ssl": true,
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/aai/esr-server:1.5.2
-pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:443
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: esr-server
- portName: esr-server
- externalPort: 9518
- internalPort: 9518
-
-ingress:
- enabled: false
-
-log:
- componentName: esr
- subcomponentName: esr-server
- debug: true
- scan:
- enabled: false
- logDir: /var/log/onap
- queueSize: 256
- root:
- level: INFO
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: esr-gui
- version: ~8.x-0
- repository: 'file://components/esr-gui'
- condition: esr-gui.enabled
- - name: esr-server
- version: ~8.x-0
- repository: 'file://components/esr-server'
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-# application configuration
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-esr-gui:
- enabled: true
\ No newline at end of file
deploy() {
# validate params
- if [ -z "$1" ] || [ -z "$2" ]; then
+ if [ -z "$1" ] || [ -z "$2" ]; then
usage
- exit 0
+ exit 1
fi
RELEASE=$1
CHART_URL=$2
- FLAGS=${@:3}
- CHART_REPO="$(echo "$CHART_URL" |cut -d'/' -f1)"
- CHART_NAME="$(echo "$CHART_URL" |cut -d'/' -f2)"
+ FLAGS=$(echo ${@} | sed 's/^ *[^ ]* *[^ ]* *//')
+ CHART_REPO="$(echo "$CHART_URL" | cut -d'/' -f1)"
+ CHART_NAME="$(echo "$CHART_URL" | cut -d'/' -f2)"
if expr "$HELM_VER" : "v3\..*" ; then
CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
else
fi
# determine if set-last-applied flag is enabled
SET_LAST_APPLIED="false"
- if expr"$FLAGS" : ".*--set-last-applied.*" ; then
+ if expr "$FLAGS" : ".*--set-last-applied.*" ; then
FLAGS="$(echo $FLAGS| sed -n 's/--set-last-applied//p')"
SET_LAST_APPLIED="true"
fi
fi
if [ "$DELAY" = "true" ]; then
echo sleep 3m
- sleep 3m
+ sleep 180
fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
usage
;;
*)
- deploy $1 $2 ${@:3}
+ deploy $1 $2 $(echo ${@} | sed 's/^ *[^ ]* *[^ ]* *//')
;;
esac
done
}
-if [ $# < 1 ]; then
+if [ -z "$1" ]; then
echo "Error: command 'undeploy' requires a release name"
- exit 0
+ exit 1
fi
case "${1:-"help"}" in
usage
;;
*)
- undeploy $1 ${@:2}
+ undeploy $1 $(echo ${@} | sed 's/^ *[^ ]* *//')
;;
esac
-exit 0
\ No newline at end of file
+exit 0
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:1.3.3
+image: onap/holmes/engine-management:9.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:1.3.3
+image: onap/holmes/rule-management:9.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
.project
.idea/
*.tmproj
+components/
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
# application image
flavor: small
-image: onap/modeling/etsicatalog:1.0.10
+image: onap/modeling/etsicatalog:1.0.11
pullPolicy: Always
#Istio sidecar injection policy
.project
.idea/
*.tmproj
+components/
# If the user is trying to run Consul directly with some arguments, then
# pass them to Consul.
-if [ "${1:0:1}" = '-' ]; then
+if echo "$1" | grep '^-' >/dev/null; then
set -- consul "$@"
fi
.project
.idea/
*.tmproj
+components/
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.8.2
+image: onap/multicloud/k8s:0.9.0
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.6.0
+ artifactImage: onap/multicloud/framework-artifactbroker:1.7.0
prometheus:
enabled: false
persistence: {}
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.6.0
+image: onap/multicloud/framework:1.7.0
pullPolicy: Always
#Istio sidecar injection policy
multicloud-prometheus:
enabled: false
multicloud-starlingx:
- enabled: true
+ enabled: false
multicloud-vio:
- enabled: true
+ enabled: false
multicloud-windriver:
- enabled: true
+ enabled: false
# application configuration
config:
db:
externalSecret: *dbUserSecretName
name: &mysqlDbName nbi
+ service:
+ name: nbi-galera
+ portName: nbi-galera
+ internalPort: 3306
nameOverride: &nbi-galera nbi-galera
replicaCount: 1
persistence:
version: ~8.x-0
repository: '@local'
condition: dmaap.enabled
- - name: esr
- version: ~8.x-0
- repository: '@local'
- condition: esr.enabled
- name: log
version: ~8.x-0
repository: '@local'
enabled: false
dmaap:
enabled: true
-esr:
- enabled: false
log:
enabled: false
mariadb-galera:
enabled: false
dmaap:
enabled: false
-esr:
- enabled: false
log:
enabled: false
log-logstash:
enabled: false
dmaap:
enabled: false
-esr:
- enabled: false
log:
enabled: false
sniro-emulator:
enabled: false
dmaap:
enabled: true
-esr:
- enabled: false
log:
enabled: false
mariadb-galera:
enabled: false
dmaap:
enabled: true
-esr:
- enabled: true
log:
enabled: true
sniro-emulator:
aai:
enabled: true
appc:
- enabled: true
+ enabled: false
cds:
enabled: true
clamp:
enabled: true
dmaap:
enabled: true
-esr:
- enabled: true
oof:
enabled: true
msb:
aai:
enabled: true
appc:
- enabled: true
+ enabled: false
cds:
enabled: true
clamp:
enabled: true
dmaap:
enabled: true
-esr:
- enabled: true
oof:
enabled: true
msb:
enabled: false
holmes:
enabled: false
-esr:
- enabled: false
log:
enabled: false
mariadb-galera:
dockerHubRepository: &dockerHubRepository docker.io
elasticRepository: &elasticRepository docker.elastic.co
googleK8sRepository: k8s.gcr.io
-
+ githubContainerRegistry: ghcr.io
#/!\ DEPRECATED /!\
# Legacy repositories which will be removed at the end of migration.
enabled: false
dmaap:
enabled: false
-esr:
- enabled: false
# Today, "logging" chart that perform the central part of logging must also be
# enabled in order to make it work. So `logging.enabled` must have the same
# value than centralizedLoggingEnabled
+++ /dev/null
-components/
+++ /dev/null
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Chart for Change Management Service Orchestrator (CMSO) Optimizer
-name: oof-cmso-optimizer
-version: 8.0.0
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-*/}}
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-
+++ /dev/null
-{{/*
-###
-# Copyright (c) 2019 AT&T Intellectual Property.
-# Modifications Copyright (c) 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-*/}}
-spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-
-changeLogFile=optimizer-liquibase-changeLog.xml
+++ /dev/null
-<?xml version = "1.0" encoding = "UTF-8" ?>
-<!--
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration>
- <jmxConfigurator />
- <!-- Example evaluator filter applied against console appender -->
-<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
- <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/>
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <file>${logDirectory}/error2.log</file>
- <append>true</append>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
-
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/debug.log</file>
- <append>true</append>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- </appender>
-
-
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/audit.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/audit.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFAudit"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="AUDIT" />
- </appender>
-
- <appender name="METRIC"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/metric.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
- %msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/metric.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFMetrics"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="METRIC" />
- </appender>
-
- <!-- SECURITY related loggers -->
- <appender name="SECURITY"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/security.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/security.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFSecurity"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="SECURITY" />
- </appender>
- <!-- AAF related loggers -->
- <logger name="org.onap.aaf" level="INFO" additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.apache.catalina.core" level="INFO"
- additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.onap.cmso" level="INFO"
- additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
-
- <!-- CLDS related loggers -->
- <logger name="com.att.eelf.error" level="OFF" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
- <!-- EELF related loggers -->
- <logger name="com.att.eelf.audit" level="INFO"
- additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.security" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="DEBUG" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="org.apache" level="DEBUG" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" />
- <logger name="ch.qos.logback.core" level="INFO" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO"
- additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="INFO">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="STDOUT" />
- </root>
-</configuration>
-
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-*/}}
-spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-cmso.database.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-spring.jpa.show-sql=false
-spring.jpa.hibernate.ddl-auto=none
-spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
-spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
-spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
-spring.jpa.hibernate.id.new_generator_mappings=false
-hibernate.id.new_generator_mappings=false
-
-logging.level.org.hibernate.SQL=WARN
-logging.level.org.hibernate=WARN
-#-------------------------------------------------------------------------------
-
-
-cmso.topology.create.request.url=https://oof-cmso-topology:7998/topology/v1/current
-cmso.ticket.create.request.url=https://oof-cmso-ticketmgt:7999/ticketmgt/v1/activetickets
-cmso.local.policy.folder=data/policies
-
-cmso.minizinc.command.exe=/mz-dist/bin/minizinc
-cmso.minizinc.command.solver=OSICBC
-cmso.minizinc.command.timelimit=60000
-cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
-
-mechid.user=${AAF_USER}
-mechid.pass=${AAF_PASSWORD}
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
-
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.config.db.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: {{ include "common.name" . }}-db-config-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-cmso-db-config-config-job"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: db-init
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- terminationMessagePolicy: File
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- - name: JAVA_TRUSTSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: AUTHENTICATION
- value: {{ .Values.global.authentication }}
- - name: AAF_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
- - name: AAF_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
- - name: VM_ARGS
- value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
- command:
- - /bin/sh
- args:
- - "-c"
- - |
- export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
- ./startService.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: cadi.properties
- path: cadi.properties
- - key: optimizer.properties
- path: optimizer.properties
- - key: liquibase.properties
- path: liquibase.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2019 AT&T
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
-
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/optf-cmso-optimizer:2.3.4
-pullPolicy: Always
-
-#init container image
-dbinit:
- image: onap/optf-cmso-dbinit:2.3.4
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-user-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.user }}'
- password: '{{ .Values.config.db.password }}'
- passwordPolicy: required
- - uid: cmso-aaf-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.aaf.user }}'
- password: '{{ .Values.config.aaf.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso-optimizer
- portName: cmso
- internalPort: 7997
- externalPort: 7997
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
- aaf:
- user: user
- password: pass
-# userCredentialsExternalSecret: some-secret
- db:
- port: 3306
-# rootPassword: pass
-# rootPasswordExternalSecret: some secret
- user: cmso-admin
- password: pass
-# userCredentialsExternalSecret: some-secret
-# host: host
-# container: container
-# mysqlDatabase: optimizer
- topology_host: oof-cmso-topology
- topology_port: 7998
- ticketmgt_host: oof-cmso-ticketmgt
- ticketmgt_port: 7999
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Chart for Change Management Service Orchestrator (CMSO) Service
-name: oof-cmso-service
-version: 8.0.0
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-*/}}
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-
+++ /dev/null
-
-#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright (c) 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the ???License???);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-
-#-------------------------------------------------------------------------------
-spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-cmso.database.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-spring.jpa.show-sql=false
-spring.jpa.hibernate.ddl-auto=none
-spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
-spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
-spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
-spring.jpa.hibernate.id.new_generator_mappings=false
-hibernate.id.new_generator_mappings=false
-
-logging.level.org.hibernate.SQL=WARN
-logging.level.org.hibernate=WARN
-#-------------------------------------------------------------------------------
-
-#
-cmso.aaf.enabled=false
-
-# Enable swagger - Enable in development and test only
-cmso.swagger.enabled=true
-
-# Enable schedule immediate to be dispatched without ticket approvals
-# Has no effect when in vTM loopback mode as always approved.
-cmso.cm.dispatch.immediate.enabled = true
-
-# NUmber of seconds between sniro dispatch jobs
-cmso.optimizer.job.interval.ms=10000
-
-# NUmber of seconds between change management cmso polling jobs
-# Controls frequenct of polling to the ChangeManagementScheduler table...
-cmso.cm.polling.job.interval.ms=10000
-# How many management cmso polling intervals to look ahead to dispatch
-# (To account for possible latency of the polling job)
-cmso.cm.polling.job.lookahead.intervals=5
-# Lead time before event time to enable dispatcher to
-# test that it is safe to dispatch (i.e. meeting reminder lead time)
-cmso.cm.dispatcher.lead.time.ms=5000
-# Lead time to prepare and call VID to dispatch work to MSO
-# Includes latency from VID call to the start of the workflow
-cmso.cm.dispatch.lead.time.ms=1000
-
-# Interval between polling to check status of schedules in Notifications Initiated status
-cmso.status.job.interval.ms=60000
-
-org.quartz.jobStore.class=org.quartz.simpl.RAMJobStore
-
-loopback.mso.requestId=dummy123
-
-so.polling.interval.ms=10000
-#mso.user=cmso@onap.org
-#mso.pass=enc:bfodXf8qRfCqMvlxVBYNWQ==
-
-## loopback settings
-so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
-so.user=${AAF_USER}
-so.pass=${AAF_USER}
-
-mechid.user=${AAF_USER}
-mechid.pass=${AAF_PASSWORD}
-
-cmso.dispatch.url=http://localhost:8089
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
-
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
+++ /dev/null
-{{/*
-###
-# Copyright © 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-###
-*/}}
-spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
-spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
-spring.datasource.username=${DB_USERNAME}
-spring.datasource.password=${DB_PASSWORD}
-
-spring.datasource.initialize=false
-spring.datasource.tomcat.max-wait=10000
-spring.datasource.tomcat.initialSize=5
-spring.datasource.tomcat.max-active=25
-spring.datasource.tomcat.test-on-borrow=true
-
-
-#changeLogFile=calendar-liquibase-changeLog.xml
-changeLogFile=cmso-liquibase-changeLog.xml
-
-
-#spring.main.web-environment=false
-#outputChangeLogFile=src/main/resources/cmso-output-changelog.xml
-#url=jdbc:mariadb://localhost:3306/calendar
-#url=jdbc:mysql://localhost:3306/cmso
-#username=root
-#password=root
-#driver=org.mariadb.jdbc.Driver
-#driver=com.mysql.jdbc.Driver
+++ /dev/null
-<?xml version = "1.0" encoding = "UTF-8" ?>
-<!--
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration>
- <jmxConfigurator />
- <!-- Example evaluator filter applied against console appender -->
-<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
- <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/>
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <file>${logDirectory}/error2.log</file>
- <append>true</append>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
-
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/debug.log</file>
- <append>true</append>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- </appender>
-
-
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/audit.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/audit.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFAudit"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="AUDIT" />
- </appender>
-
- <appender name="METRIC"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/metric.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
- %msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/metric.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFMetrics"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="METRIC" />
- </appender>
-
- <!-- SECURITY related loggers -->
- <appender name="SECURITY"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/security.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/security.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFSecurity"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="SECURITY" />
- </appender>
- <!-- AAF related loggers -->
- <logger name="org.onap.aaf" level="INFO" additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.apache.catalina.core" level="INFO"
- additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.onap.cmso" level="INFO"
- additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
-
- <!-- CLDS related loggers -->
- <logger name="com.att.eelf.error" level="OFF" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
- <!-- EELF related loggers -->
- <logger name="com.att.eelf.audit" level="INFO"
- additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.security" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="DEBUG" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="org.apache" level="DEBUG" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" />
- <logger name="ch.qos.logback.core" level="INFO" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO"
- additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="INFO">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="STDOUT" />
- </root>
-</configuration>
-
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright (c) 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-*/}}
-
-cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
-cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule
-cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# Copyright © 2017-2018 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-*/}}
-
-tm.vnfs.per.ticket=1
-tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord
-tm.createPath=http://localhost:8089/cmso/v1/tm/createChangeRecord
-tm.closePath=http://localhost:8089/cmso/v1/tm/closeCancelChangeRecord
-tm.updatePath=http://localhost:8089/cmso/v1/tm/updateChangeRecord
-tm.approvalStatus=Approved|Scheduled,Approved|Assigned
-tm.template.folder=data/templates/tm
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright (c) 2018 AT&T
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.config.db.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: {{ include "common.name" . }}-db-config-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-cmso-db-config-config-job"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: db-init
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbinit.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- terminationMessagePolicy: File
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- # side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
- resources:
-{{ include "common.resources" . }}
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- - name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
- - name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- - name: DB_SCHEMA
- value: {{ .Values.config.db.mysqlDatabase }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- - name: JAVA_TRUSTSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: AUTHENTICATION
- value: {{ .Values.global.authentication }}
- - name: AAF_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
- - name: AAF_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
- - name: VM_ARGS
- value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
- command:
- - /bin/sh
- args:
- - "-c"
- - |
- export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
- ./startService.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: cmso.properties
- path: cmso.properties
- - key: cadi.properties
- path: cadi.properties
- - key: optimizer.properties
- path: optimizer.properties
- - key: ticketmgt.properties
- path: ticketmgt.properties
- - key: liquibase.properties
- path: liquibase.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-cmso-filebeat-configmap
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018-2019 AT&T
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
-
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/optf-cmso-service:2.3.4
-pullPolicy: Always
-
-#init container image
-dbinit:
- image: onap/optf-cmso-dbinit:2.3.4
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-user-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.user }}'
- password: '{{ .Values.config.db.password }}'
- passwordPolicy: required
- - uid: cmso-aaf-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.aaf.user }}'
- password: '{{ .Values.config.aaf.password }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso
- portName: cmso
- internalPort: 8080
- externalPort: 8080
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
- aaf:
- user: user
- password: pass
-# userCredentialsExternalSecret: some-secret
- db:
- port: 3306
-# rootPassword: pass
-# rootPasswordExternalSecret: some secret
- user: cmso-admin
- password: pass
-# userCredentialsExternalSecret: some-secret
-# host: host
-# container: container
-# mysqlDatabase: cmso
- optimizer_host: oof-cmso-optimizer
- optimizer_port: 7997
-
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Chart for Change Management Service Orchestrator (CMSO) Ticket Management
-name: oof-cmso-ticketmgt
-version: 8.0.0
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-*/}}
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-
+++ /dev/null
-<?xml version = "1.0" encoding = "UTF-8" ?>
-<!--
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration>
- <jmxConfigurator />
- <!-- Example evaluator filter applied against console appender -->
-<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
- <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/>
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <file>${logDirectory}/error2.log</file>
- <append>true</append>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
-
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/debug.log</file>
- <append>true</append>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- </appender>
-
-
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/audit.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/audit.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFAudit"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="AUDIT" />
- </appender>
-
- <appender name="METRIC"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/metric.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
- %msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/metric.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFMetrics"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="METRIC" />
- </appender>
-
- <!-- SECURITY related loggers -->
- <appender name="SECURITY"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/security.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/security.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFSecurity"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="SECURITY" />
- </appender>
- <!-- AAF related loggers -->
- <logger name="org.onap.aaf" level="INFO" additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.apache.catalina.core" level="INFO"
- additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.onap.cmso" level="INFO"
- additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
-
- <!-- CLDS related loggers -->
- <logger name="com.att.eelf.error" level="OFF" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
- <!-- EELF related loggers -->
- <logger name="com.att.eelf.audit" level="INFO"
- additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.security" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="DEBUG" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="org.apache" level="DEBUG" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" />
- <logger name="ch.qos.logback.core" level="INFO" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO"
- additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="INFO">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="STDOUT" />
- </root>
-</configuration>
-
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# Copyright © 2017-2019 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-*/}}
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JAVA_TRUSTSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: AUTHENTICATION
- value: proprietary-auth
- - name: VM_ARGS
- value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
- command:
- - /bin/sh
- args:
- - "-c"
- - |
- export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
- ./startService.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: ticketmgt.properties
- path: ticketmgt.properties
- - key: cadi.properties
- path: cadi.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (c) 2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
- authentication: proprietary-auth
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/optf-cmso-ticketmgt:2.3.4
-pullPolicy: Always
-
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso-ticketmgt
- portName: cmso-ticketmgt
- internalPort: 7999
- externalPort: 7999
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
-
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Chart for Change Management Service Orchestrator (CMSO) Service
-name: oof-cmso-topology
-version: 8.0.0
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# ============LICENSE_START==============================================
-# Copyright (c) 2019 AT&T Intellectual Property.
-# =======================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain a
-# copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
-# or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-# ============LICENSE_END=================================================
-#
-#-------------------------------------------------------------------------------
-*/}}
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-
+++ /dev/null
-<?xml version = "1.0" encoding = "UTF-8" ?>
-<!--
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
--->
-<configuration>
- <jmxConfigurator />
- <!-- Example evaluator filter applied against console appender -->
-<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
- <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/>
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <file>${logDirectory}/error2.log</file>
- <append>true</append>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
-
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/debug.log</file>
- <append>true</append>
- <encoder>
- <pattern>${debugPattern}</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${outputDirectory}/cmso/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- </appender>
-
-
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/audit.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/audit.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFAudit"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="AUDIT" />
- </appender>
-
- <appender name="METRIC"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/metric.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
- %msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/metric.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFMetrics"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="METRIC" />
- </appender>
-
- <!-- SECURITY related loggers -->
- <appender name="SECURITY"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/security.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/security.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFSecurity"
- class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="SECURITY" />
- </appender>
- <!-- AAF related loggers -->
- <logger name="org.onap.aaf" level="INFO" additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.apache.catalina.core" level="INFO"
- additivity="true">
- <appender-ref ref="DEBUG" />
- </logger>
- <logger name="org.onap.cmso" level="INFO"
- additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
-
- <!-- CLDS related loggers -->
- <logger name="com.att.eelf.error" level="OFF" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
- <!-- EELF related loggers -->
- <logger name="com.att.eelf.audit" level="INFO"
- additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.security" level="DEBUG"
- additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="DEBUG" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="org.apache" level="DEBUG" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" />
- <logger name="ch.qos.logback.core" level="INFO" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO"
- additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="INFO">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="STDOUT" />
- </root>
-</configuration>
-
+++ /dev/null
-{{/*
-#-------------------------------------------------------------------------------
-# Copyright © 2017-2019 AT&T Intellectual Property.
-# Modifications Copyright © 2018 IBM.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#-------------------------------------------------------------------------------
-*/}}
-cadi_loglevel=DEBUG
-cadi_prop_files=/share/etc/osaaf/local/org.onap.oof.props
-aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
-
-aaf.urls=https://aaf-locate:8095
-aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
-aaf.enabled=true
-aaf.namespace=org.onap.oof
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-chown
- command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: JAVA_TRUSTSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.truststoreFile }}
- - name: SSL_KEYSTORE
- value: /share/etc/osaaf/local/{{ .Values.global.keystoreFile }}
- - name: JAVA_TRUSTSTORE_PASSWORD
- value: {{ .Values.global.truststorePassword }}
- - name: AUTHENTICATION
- value: {{ .Values.global.authentication }}
- - name: VM_ARGS
- value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
- command:
- - /bin/sh
- args:
- - "-c"
- - |
- export SSL_KEYSTORE_PASSWORD=$(cat /share/etc/osaaf/local/.pass)
- ./startService.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/logs
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /share/debug-logs
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /share/etc/certs
- - name: {{ include "common.fullname" . }}-certs
- mountPath: /opt/app/cmso/src/main/resources/aaf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logback.xml
- path: logback.xml
- - key: cadi.properties
- path: cadi.properties
- - key: topology.properties
- path: topology.properties
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-certs
- secret:
- secretName: {{ include "common.release" . }}-{{ .Values.global.commonConfigPrefix }}-certs
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
-
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/optf-cmso-topology:2.3.4
-pullPolicy: Always
-
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-
-service:
- type: ClusterIP
- name: oof-cmso-topology
- portName: cmso-topology
- internalPort: 7998
- externalPort: 7998
- #nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
- # see https://wiki.onap.org/display/DW/OOM+NodePort+List
-
-
-config:
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-flavor: small
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- large:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2018 AT&T
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~8.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: mariadb-galera
- version: ~8.x-0
- repository: '@local'
- - name: mariadb-init
- version: ~8.x-0
- repository: '@local'
- - name: oof-cmso-optimizer
- version: ~8.x-0
- repository: 'file://components/oof-cmso-optimizer'
- condition: oof-cmso-optimizer.enabled
- - name: oof-cmso-service
- version: ~8.x-0
- repository: 'file://components/oof-cmso-service'
- condition: oof-cmso-service.enabled
- - name: oof-cmso-ticketmgt
- version: ~8.x-0
- repository: 'file://components/oof-cmso-ticketmgt'
- condition: oof-cmso-ticketmgt.enabled
- - name: oof-cmso-topology
- version: ~8.x-0
- repository: 'file://components/oof-cmso-topology'
- condition: oof-cmso-topology.enabled
- - name: repositoryGenerator
- version: ~8.x-0
- repository: '@local'
+++ /dev/null
-/**=org.onap.oof.access|*|get ALL
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-certs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-# Copyright © 2018 AT&T
-# Copyright (C) 2020 Wipro Limited.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cmso-db-root-password
- name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
- type: password
- password: ''
- policy: generate
- - uid: cmso-service-db-secret
- name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.service.userName }}'
- password: '{{ .Values.config.db.service.userPassword }}'
- passwordPolicy: generate
- - uid: cmso-db-secret
- name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.optimizer.userName }}'
- password: '{{ .Values.config.db.optimizer.userPassword }}'
- passwordPolicy: generate
- - uid: cmso-aaf-creds
- name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds'
- type: basicAuth
- login: '{{ .Values.config.aaf.user }}'
- password: '{{ .Values.config.aaf.password }}'
-
-mariadb-galera:
- replicaCount: 1
- nameOverride: &dbName cmso-db
- nfsprovisionerPrefix: cmso
- sdnctlPrefix: cmso
- persistence:
- mountSubPath: cmso/data
- enabled: true
- disableNfsProvisioner: true
- rootUser:
- externalSecret: *rootPassword
- serviceAccount:
- nameOverride: *dbName
-
-global:
- commonConfigPrefix: "oof-cmso"
- truststoreFile: "truststoreONAPall.jks"
- keystoreFile: "org.onap.oof.jks"
- truststorePassword:
- authentication: aaf-auth
-
-mariadb-init:
- mariadbGalera:
- containerName: *dbName
- serviceName: *dbName
- servicePort: 3306
- userRootSecret: *rootPassword
- config:
- userCredentialsExternalSecret: *serviceDbCreds
- mysqlDatabase: cmso
- mysqlAdditionalDatabases:
- optimizer:
- externalSecret: *optimizerDbCreds
- nameOverride: cmso-db-config
-
-flavor: small
-
-config:
- aaf:
- user: oof@oof.onap.org
- password: demo123456!
- log:
- logstashServiceName: log-ls
- logstashPort: 5044
- db:
- service:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
- optimizer:
- userName: cmso-optimizer
-
-#sub-charts configuration
-certInitializer: &certInitConfig
- fqdn: "oof.onap"
- app_ns: "org.osaaf.aaf"
- fqi: "oof@oof.onap.org"
- fqi_namespace: org.onap.oof
- public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- appMountPath: /share/etc/osaaf
- aaf_add_config: >
- cd {{ .Values.credsPath }};
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
- find ./ -type f -exec sed -i -e 's/\/opt\/app\/osaaf\/local/\/share\/etc\/osaaf\/local/g' {} \;
-
-oof-cmso-service:
- enabled: true
- certInitializer:
- << : *certInitConfig
- nameOverride: oof-cmso-service-cert-initializer
- config:
- db:
- userCredentialsExternalSecret: *serviceDbCreds
- host: *dbName
- container: *dbName
- mysqlDatabase: cmso
- aaf:
- userCredentialsExternalSecret: *aafCreds
-
-oof-cmso-optimizer:
- enabled: true
- certInitializer:
- << : *certInitConfig
- nameOverride: oof-cmso-optimizer-cert-initializer
- config:
- enabled: true
- db:
- userCredentialsExternalSecret: *optimizerDbCreds
- host: *dbName
- container: *dbName
- mysqlDatabase: optimizer
- aaf:
- userCredentialsExternalSecret: *aafCreds
-
-oof-cmso-topology:
- enabled: true
- certInitializer:
- << : *certInitConfig
- nameOverride: oof-cmso-topology-cert-initializer
-
-oof-cmso-ticketmgt:
- enabled: true
- certInitializer:
- << : *certInitConfig
- nameOverride: oof-cmso-ticketmgt-cert-initializer
#aai_retries = 3
# The version of A&AI in v# format. (string value)
-server_url_version = v19
+server_url_version = v21
# SSL/TLS certificate file in pem format. This certificate must be registered
# with the A&AI endpoint. (string value)
- name: certInitializer
version: ~8.x-0
repository: '@local'
- - name: oof-cmso
- version: ~8.x-0
- repository: 'file://components/oof-cmso'
- condition: oof-cmso.enabled
- name: oof-has
version: ~8.x-0
repository: 'file://components/oof-has'
filter:
interval: 10
ml_enabled: false
+
+nxi_termination:
+ query_templates:
+ nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')"
+ nsi_with_profile: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')('service-instance-id','{{ printf "{{profile_id}}" }}')"
+ nssi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','nsi')"
+ nssi_with_nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','nsi')('service-instance-id','{{ printf "{{nsi_id}}" }}')"
+
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
controllerQueryUrl: {{ .Values.config.controllerQueryUrl }}
aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
+dslQueryPath: /aai/v23/dsl?format=
#DES api
desUrl: {{ .Values.config.desUrl }}
#component overrides
-oof-cmso:
- enabled: true
oof-has:
enabled: true
certSecret: *oof-certs
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Chart Museum
+name: chartmuseum
+version: 8.0.0
-# Copyright (C) 2020 Wipro Limited.
-#
+#============LICENSE_START========================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
dependencies:
- name: common
version: ~8.x-0
repository: '@local'
- - name: certInitializer
+ - name: repositoryGenerator
version: ~8.x-0
repository: '@local'
- - name: repositoryGenerator
+ - name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 7 | trim}}
+ initContainers:
+ - name: volume-permissions
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: chart-persistent
+ mountPath: "/chartmuseum-persist"
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 12 | trim }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ env:
+ - name: STORAGE
+ value: local
+ - name: STORAGE_LOCAL_ROOTDIR
+ value: "/chartmuseum-persist"
+ - name: BASIC_AUTH_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "login") | indent 14 }}
+ - name: BASIC_AUTH_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "password") | indent 14 }}
+ volumeMounts:
+ - mountPath: /chartmuseum-persist
+ name: chart-persistent
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: chart-persistent
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.PV" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+################################################################################
+# Copyright (c) 2021 AT&T #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+*/}}
+
+{{ include "common.PVC" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2021 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Global values
+global:
+ pullPolicy: Always
+ persistence: {}
+ githubContainerRegistry: ghcr.io
+image: helm/chartmuseum:v0.13.1
+containerPort: &cont_port 8080
+
+
+# Secrets Configuration.
+secrets:
+ - uid: registrycred
+ type: basicAuth
+ login: '{{ .Values.registryCred.username }}'
+ password: '{{ .Values.registryCred.password }}'
+ passwordPolicy: required
+
+
+# service configuration
+service:
+ type: ClusterIP
+ name: chart-museum
+ ports:
+ - port: 80
+ internal_port: *cont_port
+ name: &port http
+
+chartsMap:
+ directory: "/charts/components/"
+
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ path: /health
+ port: *port
+ enabled: true
+
+# Below parameter should match setting in all clients
+# including contrib\tools\registry-initialize.sh
+# which does preload
+registryCred:
+ username: onapinitializer
+ password: demo123456!
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: chartmuseum/data
+ volumeReclaimPolicy: Retain
+
+
+serviceAccount:
+ nameOverride: chartmuseum
+ roles:
+ - read
+
+securityContext:
+ user_id: 2000
+ group_id: 3000
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 0.5
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ unlimited: {}
\ No newline at end of file
description: Path of health check endpoint.
type: string
certEndpoint:
- description: Path of cerfificate signing enpoint.
+ description: Path of cerfificate signing endpoint.
+ type: string
+ updateEndpoint:
+ description: Path of certificate update endpoint.
type: string
caName:
description: Name of the external CA server configured on CertService API side.
url: {{ .Values.cmpv2issuer.url }}
healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ updateEndpoint: {{ .Values.cmpv2issuer.updateEndpoint }}
caName: {{ .Values.cmpv2issuer.caName }}
certSecretRef:
name: {{ .Values.cmpv2issuer.certSecretRef.name }}
{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
-# Copyright (c) 2020 Nokia
+# Copyright (c) 2020-2021 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
labels:
control-plane: controller-manager
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- - name: {{ .Values.deploymentProxy.name }}
- image: {{ .Values.deploymentProxy.image }}
- imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }}
- args:
- - --secure-listen-address=0.0.0.0:8443
- - --upstream=http://127.0.0.1:8080/
- - --logtostderr=true
- - --v=10
- ports:
- - containerPort: 8443
- name: https
- resources:
- limits:
- cpu: {{ .Values.deploymentProxy.resources.limits.cpu }}
- memory: {{ .Values.deploymentProxy.resources.limits.memory }}
- requests:
- cpu: {{ .Values.deploymentProxy.resources.requests.cpu }}
- memory: {{ .Values.deploymentProxy.resources.requests.memory }}
- name: provider
image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }}
imagePullPolicy: {{ .Values.deployment.pullPolicy }}
-# Copyright © 2020, Nokia
+# Copyright © 2020-2021, Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: onap
-# Service configuration
-service:
- name: oom-certservice-cmpv2issuer-metrics-service
- type: ClusterIP
- ports:
- name: https
- port: 8443
- targetPort: https
-
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
requests:
cpu: 100m
memory: 64Mi
-deploymentProxy:
- name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
- pullPolicy: IfNotPresent
- resources:
- limits:
- cpu: 250m
- memory: 128Mi
- requests:
- cpu: 50m
- memory: 32Mi
readinessCheck:
wait_for:
- oom-cert-service
url: https://oom-cert-service:8443
healthcheckEndpoint: actuator/health
certEndpoint: v1/certificate
+ updateEndpoint: v1/certificate-update
caName: RA
certSecretRef:
name: oom-cert-service-client-tls-secret
{
"caName": "CLIENT",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "CLIENT",
"authentication": {
"iak": "${CLIENT_IAK}",
{
"caName": "RA",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "RA",
"authentication": {
"iak": "${RA_IAK}",
}
}
]
-}
\ No newline at end of file
+}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
volumes:
{{- if .Values.global.addTestingComponents }}
- name: cmp-servers-template-volume
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0
pullPolicy: Always
replicaCount: 1
- name: cmpv2-cert-provider
version: ~8.x-0
repository: 'file://components/cmpv2-cert-provider'
+ - name: chartmuseum
+ version: ~8.x-0
+ repository: 'file://components/chartmuseum'
\ No newline at end of file
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-apex-pdp
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-api
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
app: {{ include "common.name" . }}-policy-clamp-job
release: {{ include "common.release" . }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
cpu: 10m
memory: 3Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
cpu: 10m
memory: 50Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-fe
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-distribution
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-drools-pdp
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 2m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-nexus
+ roles:
+ - nothing
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-pap
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-xacml-pdp
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
app: {{ include "common.name" . }}-job
release: {{ include "common.release" . }}
spec:
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
initContainers:
#This container checks that all galera instances are up before initializing it.
- name: {{ include "common.name" . }}-readiness
resources:
{{ include "common.resources" . }}
restartPolicy: Never
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy
+ roles:
+ - read
#!/bin/bash
+
set -eo pipefail
shopt -s nullglob
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
if [ "${!var:-}" ]; then
- val="${!var}"
+ eval val=\$$var
elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
+ val="$(< "$(eval echo "\$$fileVar")")"
fi
export "$var"="$val"
unset "$fileVar"
mysql_check_config() {
local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
+ mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
fi
}
"$@" --skip-networking --socket="${SOCKET}" &
mysql_note "Waiting for server startup"
local i
- for i in {30..0}; do
+ for i in $(seq 30 -1 0); do
# only use the root password if the database has already been initializaed
# so that it won't try to fill in a password file when it hasn't been set yet
- extraArgs=()
+ extraArgs=""
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs+=( '--dont-use-mysql-root-password' )
+ extraArgs=${extraArgs}" --dont-use-mysql-root-password"
fi
- if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then
+ if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
break
fi
sleep 1
# Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() {
if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
fi
}
# initializes the database directory
docker_init_database_dir() {
mysql_note "Initializing database files"
- installArgs=( --datadir="$DATADIR" --rpm )
+ installArgs=" --datadir=$DATADIR --rpm "
if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
# (this flag doesn't exist in 10.0 and below)
- installArgs+=( --auth-root-authentication-method=normal )
+ installArgs=${installArgs}" --auth-root-authentication-method=normal"
fi
# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db "${installArgs[@]}" "${@:2}"
+ mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
mysql_note "Database files initialized"
}
# ie: docker_process_sql --database=mydb <<<'INSERT ...'
# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
docker_process_sql() {
- passfileArgs=()
+ passfileArgs=""
if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs+=( "$1" )
+ passfileArgs=${passfileArgs}" $1"
shift
fi
# args sent in can override this db, since they will be later in the command
set -- --database="$MYSQL_DATABASE" "$@"
fi
- mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+ mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
}
# Initializes database with timezone info and root password, plus optional extra db/user
if [ -n "$MYSQL_DATABASE" ]; then
mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
- echo "GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;" |docker_process_sql --database=mysql
+ echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
fi
- echo "FLUSH PRIVILEGES ;" |docker_process_sql --database=mysql
+ echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
fi
}
_main() {
# if command starts with an option, prepend mysqld
- if [ "${1:0:1}" = '-' ]; then
+ if echo "$1" | grep '^-' >/dev/null; then
set -- mysqld "$@"
fi
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$BASH_SOURCE" "$@"
+ exec gosu mysql "$0" "$@"
fi
# there's no database, so it needs to be initialized
case $key in
init_robot)
TAG="UpdateWebPage"
- read -s -p "WEB Site Password for user 'test': " WEB_PASSWORD
+ echo "WEB Site Password for user 'test': "
+ stty -echo
+ read WEB_PASSWORD
+ stty echo
if [ "$WEB_PASSWORD" = "" ]; then
echo ""
echo "WEB Password is required for user 'test'"
if [ $execscript ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
#!/bin/bash
+
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+THIS_DIR="$( cd "$( dirname "$0" )" >/dev/null 2>&1 && pwd )"
NAMESPACE=
FOLDER=
kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/summary/results.json "$OUTPUT_DIRECTORY"/results.json
kubectl --namespace $NAMESPACE cp ${POD}:share/logs/$OUTPUT_FOLDER/log.html "$OUTPUT_DIRECTORY"/log.html
-pushd .
+initdir=$(pwd)
# echo -e "import hashlib\nwith open(\"README.md\", \"r\") as f: bytes = f.read()\nreadable_hash = hashlib.sha256(bytes).hexdigest()\nprint(readable_hash)" | python
cd "$OUTPUT_DIRECTORY"
tar -czvf vnf_heat_results.tar.gz *
-popd
+cd $initdir
echo "VNF test results: $OUTPUT_DIRECTORY/vnf_heat_results.tar.gz"
}
copy_server_certs_to_hvves () {
- for f in {ca.p12,server.p12}
+ for f in ca.p12 server.p12
do
kubectl cp $1/$f $2/$3:$4
done
}
copy_client_certs_to_robot () {
- for f in {ca.pem,client.key,client.pem}
+ for f in ca.pem client.key client.pem
do
kubectl cp $1/$f $2/$3:$4
done
}
cleanup () {
- rm -f $1/{ca,server,client}.???
+ rm -f $1/ca.??? $1/server.??? s$1/client.???
}
global:
pullPolicy: Always
-image: onap/org.onap.sdc.sdc-helm-validator:1.2.0
+image: onap/org.onap.sdc.sdc-helm-validator:1.2.2
containerPort: &svc_port 8080
config:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
name: properties
subPath: dmaap-consumer-RANSlice.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-dmaap-listener
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: {{ .Values.config.configDir }}/RestServer_config
name: config
subPath: RestServer_config
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-ansible-server
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
#!/bin/bash
-{{/*
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
mountPath: /app/bin
- name: core-dns-keyfile
mountPath: /app/config/coredns
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
enabled: false
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-prom
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-web
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: {{ .Values.config.configDir }}/ueb-listener.properties
name: properties
subPath: ueb-listener.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
cpu: 1
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc-ueb-listener
+ roles:
+ - read
+
# Copyright © 2017 Amdocs, Bell Canada,
# Copyright © 2020 highstreet technologies GmbH
# Copyright © 2021 Nokia
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
dependencies:
- name: common
version: ~8.x-0
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
- /bin/bash
args:
- {{.Values.config.binDir }}/installSdncDb.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
name: properties
subPath: oauth-provider.config.json
{{ end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
+ resources: {{ include "common.resources" . | nindent 12 }}
# side car containers
- name: filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
name: logs
- mountPath: /usr/share/filebeat/data
name: data-filebeat
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/mdsal
daeximPath: /opt/opendaylight/mdsal/daexim
- journalPath: /opt/opendaylight/journal
+ journalPath: /opt/opendaylight/segmented-journal
snapshotsPath: /opt/opendaylight/snapshots
certpersistence:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdnc
+ roles:
+ - read
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.8.2
+image: onap/so/bpmn-infra:1.9.0
pullPolicy: Always
db:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.8.2
+image: onap/so/catalog-db-adapter:1.9.0
pullPolicy: Always
db:
port: {{ index .Values.containerPort }}
tomcat:
max-threads: 50
+multicloud:
+ endpoint: http://multicloud-k8s.{{ include "common.namespace" . }}:9015
mso:
site-name: localSite
logPath: ./logs/cnf-adapter
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.8.2
+image: onap/so/openstack-adapter:1.9.0
pullPolicy: Always
db:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.8.2
+image: onap/so/request-db-adapter:1.9.0
pullPolicy: Always
db:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.8.2
+image: onap/so/sdc-controller:1.9.0
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.8.2
+image: onap/so/sdnc-adapter:1.9.0
pullPolicy: Always
org:
readinessCheck:
wait_for:
- - so-mariadb-config
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
#################################################################
# Secrets metaconfig
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.8.2
+image: onap/so/api-handler-infra:1.9.0
server:
aaf:
.project
.idea/
*.tmproj
+components/
flavor: small
# application image
-image: onap/usecase-ui:4.0.1
+image: onap/usecase-ui:4.0.2
pullPolicy: Always
# application configuration
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/