{{/*
################################################################################
# Copyright (C) 2021 Nordix Foundation. #
+# Copyright (c) 2022 J. F. Lucas. All rights reserved. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
{{/*
This template generates a Kubernetes init containers common template to enable applications to provision
- DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF).
+ DMaaP feeds (on Data Router), with associated authorization.
DMaap Bus Controller endpoints are used to provision:
- - Authorized topic on MR, and to create and grant permission for publishers and subscribers.
+
- Feed on DR, with associated user authentication.
common.dmaap.provisioning.initContainer:
This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router
- microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics.
+ microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds.
If the resource creation is successful via script response is logged back at particular location with
appropriate naming convention.
privilegedSubscriber: True
deliveryURL: https://dcae-pm-mapper:8443/delivery
- # MessageRouter Topic, Publisher Configuration
- mrTopicsConfig:
- - topicName: PERFORMANCE_MEASUREMENTS
- topicDescription: Description about Topic
- owner: dcaecm
- tnxEnabled: false
- clients:
- - dcaeLocationName: san-francisco
- clientRole: org.onap.dcae.pmPublisher
- action:
- - pub
- - view
-
- # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics
+ # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber
volumes:
- name: feeds-config
path: /opt/app/config/feeds
path: /opt/app/config/dr_pubs
- name: drsub-config
path: /opt/app/config/dr_subs
- - name: topics-config
- path: /opt/app/config/topics
In deployments/jobs/stateful include:
initContainers:
{{- define "common.dmaap.provisioning.initContainer" -}}
{{- $dot := default . .dot -}}
{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}}
-{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}}
-{{- if or $drFeedConfig $mrTopicsConfig -}}
+{{- if $drFeedConfig -}}
- name: {{ include "common.name" $dot }}-init-dmaap-provisioning
image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
.Release.
The template always produces a configMap containing the microservice's
-initial configuration data. This configMap is used by an initContainer
-that loads the configuration into Consul. (See the documentation for
+initial configuration data. (See the documentation for
dcaegen2-services-common.microserviceDeployment for more details.)
-If the microservice is using a logging sidecar (again, see the documentation
-for dcaegen2-services-common.microserviceDeployment for more details), the
-template generates an additiona configMap that supplies configuration
-information for the logging sidecar.
+If the microservice is using one or more Data Router (DR) feeds, the
+template produces a configMap containing the information needed to
+provision the feed(s). An init container performs the provisioning.
+
+If the microservice acts as a DR publisher for one or more feeds, the
+template produces a configMap containing the information needed to
+provision the publisher(s). An init container performs the provisioning.
+
+If the microservice acts as a DR subscriber for one or more feeds, the
+template produces a configMap containing the information needed to
+provision the subscribeer(s). An init container performs the provisioning.
+
*/}}
{{- define "dcaegen2-services-common.configMap" -}}
{{ $drsub | toJson | indent 2 }}
{{- end }}
{{- end }}
-
-{{- if .Values.mrTopicsConfig }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-topics-config
- namespace: {{ include "common.namespace" . }}
- labels: {{ include "common.labels" . | nindent 6 }}
-data:
- {{- range $i, $topics := .Values.mrTopicsConfig }}
- topicsConfig-{{$i}}.json: |-
- {{ $topics | toJson | indent 2 }}
- {{- end }}
-{{- end }}
{{- end }}
The template expects a single argument, pointing to the caller's global context.
Microservice-specific environment variables can be specified in two ways:
- 1. As literal string values.
+ 1. As literal string values. (The values can also be Helm template fragments.)
2. As values that are sourced from a secret, identified by the secret's
uid and the key within the secret that provides the value.
logging sidecar and the DCAE microservice container share a
volume where the microservice logs are written.
-The Deployment includes an initContainer that checks for the
-readiness of other components that the microservice relies on.
-This container is generated by the "common.readinessCheck.waitfor"
-template.
-
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager. The information is mounted at the
-mount point specified in .Values.certDirectory. If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats. It will also include the AAF CA cert. If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-
Deployed POD may also include a Policy-sync sidecar container.
The sidecar is included if .Values.policies is set. The
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
policyRelease: "onap"
policyID: |
'["onap.vfirewall.tca","onap.vdns.tca"]'
+
+The Deployment includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template. See the documentation for this template
+(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl).
+
+If the microservice uses a DMaaP Data Router (DR) feed, the Deployment
+includes an initContainer that makes provisioning requests to the DMaaP
+bus controller (dmaap-bc) to create the feed and to set up a publisher
+and/or subscriber to the feed. The Deployment also includes a second
+initContainer that merges the information returned by the provisioning
+process into the microservice's configuration. See the documentation for
+the common DMaaP provisioning template
+(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager. The information is mounted at the
+mount point specified in .Values.certDirectory. If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats. It will also include the AAF CA cert. If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+
+If the microservice uses certificates from an external CMPv2 provider,
+the Deployment will include an initContainer that performs certificate
+post-processing.
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{- if not $drFeedConfig }}
- - command:
- - sh
- args:
- - -c
- - |
- {{- range $var := .Values.customEnvVars }}
- export {{ $var.name }}="{{ $var.value }}";
- {{- end }}
- cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
- env:
- {{- range $cred := .Values.credentials }}
- - name: {{ $cred.name }}
- {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
- {{- end }}
- volumeMounts:
- - mountPath: /config-input
- name: app-config-input
- - mountPath: /config
- name: app-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
{{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
{{- if $certDir }}
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
- mountPath: /app-config
- name: app-config
+ name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }}
- mountPath: /app-config-input
name: app-config-input
{{- if $logDir }}
privilegedSubscriber: true
deliveryURL: http://dcae-pm-mapper:8081/delivery
-
# ConfigMap Configuration for Dr Feed, Subscriber, MR Topics
volumes:
- name: feeds-config
uid: *aaiCredsUID
key: password
-customEnvVars:
-- name: AUTH_HDR
- value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`"
-
# initial application configuration
applicationConfig:
dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json"
X-TransactionId: "9999"
Accept: "application/json"
Real-Time: "true"
- Authorization: $AUTH_HDR
+ Authorization: ${AUTH_HDR}
security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks"
security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass"
security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks"
applicationEnv:
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}'
# Resource Limit flavor -By Default using small
flavor: small
topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT
type: message_router
#rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"${CONTROLLER_IP}:{CONTROLLER_PORT}","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
- rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+ # Workaround while DCAEGEN2-3234 is being resolved--hardcording the ${CONTROLLER_USERNAME} and ${CONTROLLER_PASSWORD} until the restconf-collector uses the latest CBS client SDK that can handle multiple substitutions in a string.
+ # The line immediately below this one should be used once DCAEGEN-3234 is resolved.
+ #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+ rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"access","controller_restapiPassword":"Huawei@123","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
#applicationEnv:
# CONTROLLER_IP: "172.30.0.55"